SDA (was: mobile GPG installation)

Burns burns@runbox.com
Mon May 12 19:18:02 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --- Werner Koch <wk@gnupg.org> wrote:
> On Mon, 12 May 2003 09:14:40 -0400, Adam Pavelec said:
> 
> > Speaking of which, has anyone been working on such a tool that
> > uses GnuPG?  The ability to create Self-Decrypting Archives
> > comes in quite handy when dealing with luddites.
> 
> We have talked about this here several times.  GnuPG won't provide
> such a thing for 4 reasons:
> 
>   1. It is not secure and can easily be attacked (replacing the
>      decryption code by custom code which sends the passphrase back to
>      the attacker).


You can achieve some protection if the recipient (someone without
gpg/pgp) has an MD5 hash application, to check for the proper hash
value (previously given over the phone?) before they open it.

A very simple to use hash utility for Windows:

MD5 for Win32
http://www.geocities.com/ballarke/Applications/MD5Win32/

Just a thought.

Randy


-----BEGIN PGP SIGNATURE-----

iD8DBQE+v9YUhNLaTSzsrh8RApCCAJ4lvgDKrIUCH6RF7F6PpjES+P96PgCgre4/
nJDtWnwTPyUPu9ILdBB5vqc=
=aMpF
-----END PGP SIGNATURE-----
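
The check described in the message above, as an added example that is not part of the original post: the recipient hashes the received archive and compares it with the digest dictated out of band before opening it. The function names and sample bytes are constructed for illustration; the script accepts the MD5 digest the post mentions and, going beyond the post, a SHA-256 digest selected by its length.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

# Hex digest length -> hashlib algorithm (MD5 as in the post; SHA-256 is an addition).
ALGO_BY_HEX_LEN = {32: "md5", 64: "sha256"}

def normalize_spoken_digest(text):
    """Turn a digest dictated in groups ('9001 5098 ...') into plain lowercase hex."""
    digest = re.sub(r"[\s:\-]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]+", digest):
        raise ValueError("digest contains non-hex characters")
    if len(digest) not in ALGO_BY_HEX_LEN:
        raise ValueError("unexpected digest length: %d hex chars" % len(digest))
    return digest

def file_digest(path, algo):
    """Hash the file in chunks so a large archive is never loaded whole."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def archive_matches(path, spoken_digest):
    """True only if the file hashes to the digest received over the phone."""
    expected = normalize_spoken_digest(spoken_digest)
    actual = file_digest(path, ALGO_BY_HEX_LEN[len(expected)])
    return hmac.compare_digest(actual, expected)

if __name__ == "__main__":
    # Constructed sample: three bytes stand in for the received archive.
    spoken = "9001 5098 3CD2 4FB0 D696 3F7D 28E1 7F72"  # MD5 of b"abc"
    with tempfile.TemporaryDirectory() as d:
        sda = Path(d) / "archive.exe"
        sda.write_bytes(b"abc")
        print("untouched file:", archive_matches(sda, spoken))
        sda.write_bytes(b"abc" + b"replaced decryption stub")
        print("modified file: ", archive_matches(sda, spoken))
```

The comparison only helps if the digest arrives over a channel the sender of the file does not control, such as the phone call suggested in the post.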