Why sign as well as encrypt files stored on untrusted drives?

Chris Poole lists at chrispoole.com
Wed Jul 13 17:27:29 CEST 2011


On Wed, Jul 13, 2011 at 2:04 PM, Jerome Baum <jerome at jeromebaum.com> wrote:

> You've said it yourself. The attack is to encrypt something else to your
> public key.

You're right. Somehow I hadn't thought about someone being able to simply
encrypt a file with the same filename as an existing file to me, with some
nefarious content.

A separate encrypted file is kept, storing a manifest of the backed up files
(i.e., which file is in which encrypted container), so I think it'd be more
along the lines of getting lucky, since the program (Duplicity) would realise
that a file that should be in a certain container isn't, or something extra is
there in its place.

> Have you considered a separate key for the signature?

I use a separate signing key anyway, for all my signatures. How would using a
separate key help here?... I'd still need to give my passphrase somehow.


Cheers


Chris Poole
[PGP BAD246F9]



More information about the Gnupg-users mailing list