Using GPG in embedded applications?

Nik N niknot at gmail.com
Thu Mar 26 06:53:59 CET 2009


On Tue, Mar 17, 2009 at 12:24 PM, Bo Berglund <bo.berglund at agiusa.com> wrote:
>
...
> The idea is to have the PC program encrypt a fairly large chunk of data using the embedded unit's public key and then send the result over the channel into the embedded application.
>
> Inside this (protected) hardware the secret key would be used to decode the data, then some processing would be done whereupon the resulting data is again GPG encrypted now with the public key of the PC program and sent back over the channel.
> Finally the PC program would decode the data and further process it.
>

I am trying to understand your threat model:

If the attacker has access only to the channel but not to the two
communicating devices, a simpler, symmetrical-cipher-only solution
would suffice. If, on the other hand, the attacker has access to
either device, isn't it reasonable to assume he'd be able to pry the
decryption (private) key and decrypt the data (flowing in at least one
direction)?

Nik N.


