Why sign as well as encrypt files stored on untrusted drives?

Jerome Baum jerome at jeromebaum.com
Thu Jul 14 05:58:50 CEST 2011


>> Have you considered a separate key for the signature?
>
> I use a separate signing key anyway, for all my signatures. How would using a
> separate key help here?... I'd still need to give my passphrase somehow.

You mentioned not wanting to keep the passphrase in gpg-agent. That
problem might disappear with a separate key.

On the manifest file, if you're hashing the encrypted files then it's
really useless (the attacker can just re-hash and re-encrypt for the
manifest file). However, it can still be useful -- if you sign only
the manifest file, you only have to enter your passphrase once, and
you can still verify a given file.

(Watch out though: You have to make sure all the files are authentic
before you hash them -- e.g. by checking the old hashes -- but what
happens if I replace a file just after you've verified it but before
you're about to re-hash it? Kind of like a bait-and-switch.)

-- 
Jerome Baum

Hessenweg 222
48432 Rheine
GERMANY

tel +49-1578-8434336
email jerome at jeromebaum.com
web www.jeromebaum.com
--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
--
Q: Why is this email five sentences or less?
A: http://five.sentenc.es



More information about the Gnupg-users mailing list