Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

safe encrypting process?

On Mon, 2 Feb 2004, Steve wrote:

> I'd like to encrypt some info that could later be searched, but I'm
> trying to figure out an optimal/safe way to go about doing it.
> For the actual encryption, I'd put the information in a plaintext file
> > gpg -c foo.txt > foo.gpg (encrypt with gpg)
> > shred -u foo.txt* (shred the old plaintext file and any backup copies
> of it)
> If I wanted to search the file, I'd
> > gpg --decrypt foo.gpg | grep whatever
> Modifying the file would be:
> > gpg --decrypt foo.gpg > foo.txt
> > joe foo.txt (and make modification)
> > gpg -c foo.txt > foo.gpg
> > shred -u foo.txt* (to get rid of plaintext file and any backup copies)
> And then I could script this so I wouldn't have to bother with typing in
> everything. But I'm curious about the weaknesses of using such a method
> for encrypted information. In particular, any sort of temporary files
> which would have stuff during the plaintext post-decryption process (tmp
> file from joe, for example). Is there a simpler, better way of going
> about this?

A self-encrypting program is a non-sequitur. Really, all you can do is
obfuscate it a bit, to make casual copying impossible. If you want to
protect it further, make it hardware (dongle) or network (license server)
dependant. Or wait until the RIAA/MPAA pass the CPRM

BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix /