Gnupg-users Digest, Vol 7, Issue 19
ipalette at hotmail.com
Thu Apr 15 01:36:02 CEST 2004
It's sent over https://
When the body of the email is built the message is encrypted then emailed,
nothing is displayed in the browser. The page that decodes the message is
secured and only known by one person.
>From: Neil Williams <linux at codehelp.co.uk>
>To: gnupg-users at gnupg.org
>Subject: Re: Gnupg-users Digest, Vol 7, Issue 19
>Date: Wed, 14 Apr 2004 22:12:36 +0100
>On Wednesday 14 Apr 2004 9:31, Kevin McNally wrote:
> > Thanks Pete,
> > >>From the little information I have found it may be a permissions issue
> > the server, but I can not be sure. Basically this is what happens:
> > 1. Someone fills out a form on the website and it is emailed to someone
> > created a key for.
> > 2. The recipient gets an email with an encrypted message in the body.
> > 3. Once the the email is received, she goes to a seperate webpage on the
> > server to decrypt it.
> > 4. She copies the encrypted body of the message into a text box on the
> > and types the pass phrase into a sperate field.
> > 5. The form data is formatted and dispalyed for her to use.
>At which point, all your effort in encrypting the transmitted data is lost!
>Everything that the server displays in the browser is sent in plain text -
>including the decrypted block!!
>Unless the block is decrypted locally, it will be pointless encrypting it
>the first place! If you never encrypted it in the first place, the data
>still be sent once in clear text, just like in your system.
>The second problem is that the PASSPHRASE is sent in clear text too, so now
>the key is compromised too, or are you doing this over https:// ?
> > Does that makes sense?
>Umm, No. Sorry.
><< attach4 >>
>Gnupg-users mailing list
>Gnupg-users at gnupg.org
Is your PC infected? Get a FREE online computer virus scan from McAfee®
More information about the Gnupg-users