Why sign as well as encrypt files stored on untrusted drives?
Chris Poole
lists at chrispoole.com
Wed Jul 13 17:27:29 CEST 2011
On Wed, Jul 13, 2011 at 2:04 PM, Jerome Baum <jerome at jeromebaum.com> wrote:
> You've said it yourself. The attack is to encrypt something else to your
> public key.
You're right. Somehow I hadn't thought about someone being able to simply
encrypt a file with the same filename as an existing file to me, with some
nefarious content.
A separate encrypted file is kept, storing a manifest of the backed up files
(i.e., which file is in which encrypted container), so I think it'd be more
along the lines of getting lucky, since the program (Duplicity) would realise
that a file that should be in a certain container isn't, or something extra is
there in its place.
> Have you considered a separate key for the signature?
I use a separate signing key anyway, for all my signatures. How would using a
separate key help here?... I'd still need to give my passphrase somehow.
Cheers
Chris Poole
[PGP BAD246F9]
More information about the Gnupg-users
mailing list