Hi Dirk & Ken,

I'm working on a similar problem... automated decryption "in the field" and
what I have come to is this:

Encrypt the message with a symmetric algorithm, adding salt and a
hash/checksum to ensure validity.  Then, taking that result and signing
with a private key.

In the field - the signature is validated with the matching public key,
then the symmetric algorithm decrypts the message.  While it is possible
that an attacker might unravel the shared keys used in the symmetric
encryption, this is not so much our concern as is the authenticity of the
message when received.  The combination of private key signature plus hash
checksum should do that.

Our solution needs to be "hands off" automated, which basically precludes
the idea of using passphrases (which would not stay secure in our
organization anyway.)  A determined attacker could get into the source code
and tease out the symmetric key, but that would only show them the contents
of the message, which, if they have the hardware, they can get anyway by
copying the hard drive after the message is decrypted - and as stated
above, this is of much less concern than a spoofed message getting
automatically accepted.

When I studied cryptography at Uni in the 1980s, they taught that
private/public key encryption was a more or less interchangeable affair -
the only difference between a private key and a public key is the manner in
which they are handled.  As such, I am a little disappointed in the GnuPGP
implementation that doesn't allow encryption with the private key to serve
as authentication and obscurity of the message - our private key will be
obscured, but obviously not secured since attackers may have control of the
standard computer system it is contained in.  As things are, I am left to
use a layer of symmetric encryption to obscure the message, no more secure
in the end than using the private key to encrypt (since the symmetric key
is in the devices in the wild), but much more hassle.

Unless I'm missing something?

Also, thus far I have decided that it's easier to do symmetric encryption
with libgcrypt rather than mess with pgp... next week I'll be looking into
how to implement the signature with the private key - maybe that's also
practical to do in libgcrypt instead of gpgme?
Gnupg-users mailing list

Reply via email to