Encrypting with an message expiration date
David Shaw
dshaw at jabberwocky.com
Sun Jan 3 01:45:15 CET 2010
On Jan 2, 2010, at 5:40 PM, Allen Schultz wrote:
> GnuPG-Users:
>
> Is there a way to force an expiration date when encrypting a message
> for additional security. I have a friend who is inquiring. I've
> already informed him of the "for his/her eyes only" option.
No, there isn't. The basic problem here is that you rely on someone
to honor your request to kill a message after the expiration date.
They can just ignore your request, and do what they like. Even if
there was some means to do this, it's easy to foil - Alice sends a
self-destructing message to Baker, but before it expires, Baker reads
it and copies the contents into an unencrypted file.
Incidentally, the "For Your Eyes Only" option in OpenPGP is also not
particularly secure, for these same reasons.
It's possible to imagine a mail system that enforces this sort of
thing (not the crypto itself, but as part of the whole mail system of
which the crypto is only a part), but that's not a very strong
protection - and even then suffers from the copy-to-an-unencrypted-
file problem.
David
More information about the Gnupg-users
mailing list