SDA (was: mobile GPG installation)
Mon May 12 19:18:02 2003
-----BEGIN PGP SIGNED MESSAGE-----
- --- Werner Koch <email@example.com> wrote:
> On Mon, 12 May 2003 09:14:40 -0400, Adam Pavelec said:
> > Speaking of which, has anyone been working on such a tool that
> > uses GnuPG? The ability to create Self-Decrypting Archives
> > comes in quite handy when dealing with luddites.
> We have talked about this here several times. GnuPG won't
> such a thing for 4 reasons:
> 1. It is not secure and can easily be attacked (replacing the
> decryption code by custom code which sends the passphrase
> the attacker).
You can achieve some protection if the recipient (someone without
gpg/pgp) has a md5 hash application, to check for the proper hash
value (previously given over the phone?) before they opened it.
A very simple to use hash utility for Windows:
MD5 for Win32
Just a thought.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----