How to verify the file was successfully encrypted...
George Ross
gdmr at inf.ed.ac.uk
Fri Jul 14 16:56:51 CEST 2006
> > How about if you append a hash of the file to the file, and encrypt that
> > too? Then have the remote machine do the trial decrypt-and-check-hash. If
> > all is OK the remote machine can then tell the local one to delete the
> > original; and if it's not OK, it can scream at you.
>
> Better than that, if you get GPG to sign the file when it encrypts it
> (using a passwordless key/subkey) and/or use the MDC option, you'll be
> able to do this more reliably...
Wasn't the original poster looking for something which didn't require
trusting one particular piece of software? If they're happy to go with
gpg, or to use two different PGP implementations at the two ends, then
sign+encrypt would indeed appear to cover it.
(Of course, it's not quite true signing, in the sense that it's only there
as a check against corruption, and the signing key will be visible on the
source machine.)
--
Dr George D M Ross, School of Informatics, University of Edinburgh
Kings Buildings, Mayfield Road, Edinburgh, Scotland, EH9 3JZ
Mail: gdmr at inf.ed.ac.uk Voice: +44 131 650 5147 Fax: +44 131 667 7209
PGP: 1024D/AD758CC5 B91E D430 1E0D 5883 EF6A 426C B676 5C2B AD75 8CC5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 238 bytes
Desc: not available
Url : /pipermail/attachments/20060714/c61502c4/attachment-0001.pgp
More information about the Gnupg-users
mailing list