Gnupg-users Digest, Vol 7, Issue 19

Kevin McNally ipalette at hotmail.com
Thu Apr 15 01:36:02 CEST 2004


It's sent over https://

When the body of the email is built the message is encrypted then emailed, 
nothing is displayed in the browser. The page that decodes the message is 
secured and only known by one person.

Kevin


>From: Neil Williams <linux at codehelp.co.uk>
>To: gnupg-users at gnupg.org
>Subject: Re: Gnupg-users Digest, Vol 7, Issue 19
>Date: Wed, 14 Apr 2004 22:12:36 +0100
>
>On Wednesday 14 Apr 2004 9:31, Kevin McNally wrote:
> > Thanks Pete,
> >
> > >>From the little information I have found it may be a permissions issue 
>on
> >
> > the server, but I can not be sure. Basically this is what happens:
> > 1. Someone fills out a form on the website and it is emailed to someone 
>I
> > created a key for.
> > 2. The recipient gets an email with an encrypted message in the body.
> > 3. Once the the email is received, she goes to a seperate webpage on the
> > server to decrypt it.
> > 4. She copies the encrypted body of the message into a text box on the 
>page
> > and types the pass phrase into a sperate field.
> > 5. The form data is formatted and dispalyed for her to use.
>
>At which point, all your effort in encrypting the transmitted data is lost!
>Everything that the server displays in the browser is sent in plain text -
>including the decrypted block!!
>
>Unless the block is decrypted locally, it will be pointless encrypting it 
>in
>the first place! If you never encrypted it in the first place, the data 
>would
>still be sent once in clear text, just like in your system.
>
>The second problem is that the PASSPHRASE is sent in clear text too, so now
>the key is compromised too, or are you doing this over https:// ?
>
> >
> > Does that makes sense?
>
>Umm, No. Sorry.
>
>--
>
>Neil Williams
>=============
>http://www.codehelp.co.uk/
>http://www.dclug.org.uk/
>http://www.isbn.org.uk/
>http://sourceforge.net/projects/isbnsearch/
>
>http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3
><< attach4 >>
>_______________________________________________
>Gnupg-users mailing list
>Gnupg-users at gnupg.org
>http://lists.gnupg.org/mailman/listinfo/gnupg-users

_________________________________________________________________
Is your PC infected? Get a FREE online computer virus scan from McAfee® 
Security. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963




More information about the Gnupg-users mailing list