make data available for a certain amount of time

Faramir faramir.cl at gmail.com
Thu Jul 10 21:14:51 CEST 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

vedaal at hush.com escribió:

>> I create a website and pack it in a zip file
>> when a complete stranger opens the website in the zip it checks 
>> for a valid key on a keyserver.
> 
>> when they key is valid the site opens
>> when the key is invalid the website never opens and the 
>> contentfiles of website in the zipfile cannot be accessed in any 
> way
> 
> 
> a workaround can be done to do what you want,
> but requires some input on your part
> 
> assuming the visitor to the website does not know which key on 
> which webserver is being checked,
> and you are not worried about people on the keyserver deliberately 
> interfering with your site
> 
> you can do the following:
> 
> [1] let the passphrase for the zipfile be the hashfile of your 
> public key block of the key on your keyserver
> 
> [2] when someone tries to access your site,
> arrange for your site to get the key from the keyserver, and hash 
> the public key, and enter the hash as passphrase for the zipfile
> 
> [3] whenever you want to stop access,
> add a subkey to your key, and upload it to the keyserver
> 
> the hash will change,
> and the zipfile won't decrypt

  Then, he can store the hash in a txt file in a protected folder of the
server, and the website can check it... but then... why don't you just
remove the zip file, if it becomes invalid?

  Best Regards

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEcBAEBCAAGBQJIdl+rAAoJEMV4f6PvczxApR4H/R8jfhxJvS5dGTXIQlepFUu8
B3ZtoEBOiuieSxexNShIgBNmDyocf7teDlitaLnjE864IXsnCSpjpJ9wVQWbk71H
oBXxYqA9E3CklTtkVGf4SK6XrWhQg+tHO+VP53iYszHT/uolhc5pDRhewNbUTGyv
bZc2LwyHTLC17faJXdJgEIkbo678zRovu5c5Ycu0jdWXtjZ0rmo+rWglDNnceEfT
iINgljABUYckqGysvU2WcWk36KpqoWohZpX7RAGJTafbuO8c3AHGdyt6gzCouPyV
V1SfR9appkdDgNm0MZ2z6Y6J3SVTI4aGkbDiNr/3CFNFFfCafPrwSyySumwpr5Q=
=Ljf1
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list