SDA (was: mobile GPG installation)
David Shaw
dshaw@jabberwocky.com
Fri May 16 03:55:13 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Mon, May 12, 2003 at 02:34:35PM -0400, Todd wrote:
> Burns wrote:
> > You can achieve some protection if the recipient (someone without
> > gpg/pgp) has a md5 hash application, to check for the proper hash
> > value (previously given over the phone?) before they opened it.
>
> That's not a standard part of any Windows OS though (as far as I know, but I
> don't use windows if I can avoid it so I could be wrong). So the user you
> want to send the SDA to still has to install some software. They might as
> well install an OpenPGP application if they want to decrypt OpenPGP data.
Yes. I once toyed with the idea of making a small decrypt-only
OpenPGP program for this sort of thing. The idea was to be something
like gpgv - no trustdb, no key management, just decrypt symmetrically
encrypted messages. I didn't do it because the regular 'gpg' binary
is already pretty lightweight, and doesn't need a complex installation
to run anyway.
David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3-cvs (GNU/Linux)
Comment: http://www.jabberwocky.com/david/keys.asc
iD8DBQE+xAZq4mZch0nhy8kRAr6kAJwMCTXLFD2JBN0IijmakXTlPsRvngCgu3HY
IbrW+V46Fd60RuPzrPSyLdY=
=h5YJ
-----END PGP SIGNATURE-----