mobile GPG installation

Werner Koch wk@gnupg.org
Mon May 12 16:05:02 2003


On Mon, 12 May 2003 09:14:40 -0400, Adam Pavelec said:

> Speaking of which, has anyone been working on such a tool that
> uses GnuPG?  The ability to create Self-Decrypting Archives
> comes in quite handy when dealing with luddites.

We have talked about this here several times.  GnuPG won't provide
such a thing for 4 reasons:

  1. It is not secure and can easily be attacked (replacing the
     decryption code by custom code which sends the passphrase back to
     the attacker).

  2. It gives a false sense of security.

  3. It is not portable - a sender does not necessary know on what
     platform the recipient wants to unpack/decrypt the document.
     Well, ia32 is a good guess but tehre are a lot of users with PDA
     using a non-ia32 CPU.  And of course there is not only Windows.

  4. It is easier to install an real crypto application and use this
     to decrypt something.  Nobody would sends a PDF reader along with
     a PDF document.


Shalom-Salam,

   Werner



-- 
  Nonviolence is the greatest force at the disposal of
  mankind. It is mightier than the mightiest weapon of
  destruction devised by the ingenuity of man. -Gandhi