[ILUG] Question on an encryption system (using OSS)

Conor Daly conor.daly_ilug at cod.homelinux.org
Tue Sep 13 12:30:57 IST 2005


On Tue, Sep 13, 2005 at 12:15:21PM +0100 or so it is rumoured hereabouts, 
Proinnsias Breathnach thought:
> 
> I'd be leaning towards some flavour of gpg encrypted/signed call-home
> registration method. Registration script to encrypt to your public
> release-key a message which is signed by the users' key. To which the
> server replies with a decrypt-key encrypted to the user-key. The script
> would only store the decrypt-key in memory, avoiding most of the vectors
> for its getting out into the wild. 

This method limits unpacking of your tarball to those machines that can
access your server.  If your server disappears, they cannot get at the
tarball ever.  You'd need to provide the means to get at the tarball on a
standalone machine.
 
Conor
-- 
Conor Daly <conor.daly at oceanfree.net>

Domestic Sysadmin :-)
---------------------
Hobbiton.cod.ie
 12:27:38  up 29 days, 20:19,  2 users,  load average: 0.18, 0.11, 0.03


