How to decrypt multiple blocks in one text file
Hanno Mueller
hanno.mueller at epublica.de
Fri Oct 17 22:33:45 CEST 2003
Neil Williams wrote:
> I'm using similar authentication processes but can there really be a need for
> one single file?
Yes, there is a need for one single file in my application.
> However, if you trust the server enough to receive and encrypt the data in the
> first place, you might as well store the data as cleartext above the
> public_html/ folder (out of reach of any inquisitive browser) and let the
> security of the server be your protection. After all, if I was to crack the
> server, I could delete the encrypted content or insert new values (the public
> key must be present for you to encrypt so I can use the same key to encrypt
> malicious or random data). With the server cracked, your authentication is
> lost and the need to protect the dataset (which sounds awfully like
> username/password combos) is lost too - you can't protect data on the server
> once the server itself is compromised without encrypting all sensitive data,
> not just the identification strings for authentication.
I'm aware of that, but that's not what I am about to do. I am not trying
to encrypt username/password combos, but payment order information.
On the web server, the account data is practically "write only". If
someone wishes to change his account data, he can enter it again. We
never have to show the full account info to the user again and we never
have to decrypt it on the web server.
We transfer the collected payment data to a second computer, decrypt it
there and then give it to our bank for a bulk payment order. Our bank
accepts a special file format that lists account data and money amounts
for multiple payments. This is why I am trying to create a single file
from multiple encrypted blocks, each representing one payment.
So of course, the account information I wish to collect on the web
server must be reasonably protected against decryption if someone cracks
the server and gets full access to the database, because otherwise he
could abuse our users' account data.
If someone manages to insert false data, our bank will tell us about
false or failed payment orders instantly. If this happens, we will
contact the user, ask him about it and thus know that his account data
has been tampered with. So a break-in as you described can be dealt with
and won't produce trouble for our users.
Greetings,
Hanno
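The workflow described in the message above (one armored block per payment, collected into a single file and decrypted on the second computer), as an added example that is not part of the original post. The function names and the sample data are assumptions made for illustration, and the decryption step assumes the private key is in the second computer's keyring and that gpg can obtain its passphrase.

```python
import subprocess

BEGIN = "-----BEGIN PGP MESSAGE-----"
END = "-----END PGP MESSAGE-----"

# Constructed sample: two placeholder blocks, not real ciphertext.
SAMPLE = f"""payment 1
{BEGIN}
AAAAconstructed1
{END}
payment 2
{BEGIN}
BBBBconstructed2
{END}
"""


def split_armored_blocks(text):
    """Return every complete armored PGP message in text, in order."""
    blocks, current = [], None
    for lineno, line in enumerate(text.splitlines(), 1):
        marker = line.strip()
        if marker == BEGIN:
            if current is not None:
                raise ValueError(f"line {lineno}: BEGIN inside an open block")
            current = [BEGIN]
        elif marker == END:
            if current is None:
                raise ValueError(f"line {lineno}: END without BEGIN")
            blocks.append("\n".join(current + [END]) + "\n")
            current = None
        elif current is not None:
            current.append(line)
        # Lines outside a block (record labels, separators) are skipped.
    if current is not None:
        raise ValueError("last block has no END line (truncated file?)")
    return blocks


def decrypt_blocks(blocks, gpg="gpg"):
    """Decrypt each block with its own gpg call, on the second computer only."""
    plaintexts = []
    for i, block in enumerate(blocks, 1):
        proc = subprocess.run([gpg, "--decrypt"], input=block.encode(),
                              capture_output=True)
        if proc.returncode != 0:  # stop rather than skip a payment
            raise RuntimeError(f"block {i}: {proc.stderr.decode(errors='replace')}")
        plaintexts.append(proc.stdout)
    return plaintexts
```

A truncated or malformed file raises an error instead of yielding a shorter list, so a payment cannot drop out of the bulk order unnoticed.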