I would point out in that last approach -- encrypting and sending
unsecure (which is a good idea in many cases) does have a few
considerations. If the data is sensitive (like magnetic strip data
from a credit card) this is completely NOT ALLOWED. PCI and PA-DSS
won't allow it to hit the disk. If you do hit the disk and you care
about security on either end, you also need a secure delete
program. Simply deleting a file does not remove the data from the
disk. It takes about 5 lines of C to make a secure delete which if
anyone likes I can give them.
Eric
At 08:44 PM 6/6/2011, Dave Thompson wrote:
> From: owner-openssl-us...@openssl.org On Behalf Of greenelephant
> Sent: Sunday, 05 June, 2011 05:20
> Thanks for the reply Dave. I am grateful for your advice. I
> am a novice as you have probably gathered.
> If I am not wrong in my judgement you seem to have some expertise on
> cryptology.
Some, not a whole lot.
> I have stated SSL in my first post that I would like help
> with as you know.
> But with your expertise is there a better solution to use
> except SSL in
> terms of security using openssl?
SSL/TLS (preferably the newest version supported, today
usually TLS 1.1 or maybe 1.2) is a good general solution
for security of Internet endpoint communication
(particularly, but not only, web traffic using HTTPS).
OpenSSL is a good implementation of SSL/TLS, plus some
related (crypto) functionality, but not the only one;
any other conforming and well-tested implementation
available to you should be fine. For example, Java
includes its own SSL/TLS implementation (for Java),
and I understand dot-NET does (for C#, VB, etc.)
There are other protocols that may be better in specific
situations (e.g. SSH as below) or necessary (e.g. IPsec
and DNSSEC are done at a level below where SSL can work).
> Also is SSL an ideal security solution for secured FTP
> transmissions using
> the openssl module to enable me to subvert any efforts to
> sabotage or breach
> security perpetrated by intruders or hackers using the
> methods of attacks
> (side channeling for instance) previously mentioned?
FTP over SSL (FTPS) is a secure means of file transfer,
if supported by both your server(s) and your client(s),
which in my experience is not very common. When it is
supported, the server and client code determines what
module is used; it might be OpenSSL or something else.
Another good and in my experience more common method
of securing file transfer is SFTP, part of the SSH
protocol suite. The crypto used in SSH is generally
similar (though not identical) to SSL/TLS, and in fact
the most widespread implementation OpenSSH uses libcrypto
from OpenSSL, but the trust model is different (simpler).
Instead of creating and verifying certificates, SSH
requires you to manually verify a key fingerprint on
the first connection between a given client and server
(or else manually pre-transfer the encoded public key).
This isn't very good for communications with strangers
(like sites you found on Google), but works okay for
people that already have some contact (like your friends,
customers of your company, etc).
Another approach is to secure the files themselves,
rather than just the transfer. That is, encrypt and
perhaps sign the files when (or before) they are
placed on the sending system(s), transfer them
using plain FTP or HTTP or other, and decrypt and
perhaps verify them on the receiving system(s).
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
Eric S. Eberhard
(928) 567-3727 Voice
(928) 567-6122 Fax
(928) 301-7537 Cell
Vertical Integrated Computer Systems, LLC
Metropolis Support, LLC
For Metropolis support and VICS MBA Support!!!! http://www.vicsmba.com
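The secure delete mentioned in the message at the top of this thread, sketched as an added example (it is not Eric's code and not part of the original thread): overwrite the file in place, flush it, then unlink it. It assumes a POSIX system and a filesystem and device that rewrite blocks in place (copy-on-write filesystems and flash wear-levelling do not); `overwrite_fd` and `secure_delete` are names chosen here.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for O_NOFOLLOW, fsync */
#endif
#include <fcntl.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Added example; function names are hypothetical, not from the thread.
 * Assumes the filesystem rewrites a file's blocks in place.
 * Overwrite every byte of an open regular file with `fill` and flush it
 * to the device. Returns 0 on success, -1 on error. */
static int overwrite_fd(int fd, unsigned char fill)
{
    struct stat st;
    unsigned char buf[4096];
    off_t left;

    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode))
        return -1;
    if (lseek(fd, 0, SEEK_SET) == (off_t)-1)
        return -1;
    memset(buf, fill, sizeof buf);
    for (left = st.st_size; left > 0; ) {
        size_t want = left < (off_t)sizeof buf ? (size_t)left : sizeof buf;
        ssize_t n = write(fd, buf, want);
        if (n <= 0)
            return -1;              /* I/O error: stop, keep the file */
        left -= n;
    }
    return fsync(fd);               /* do not leave the pass in page cache */
}

/* Two overwrite passes (0xFF, then 0x00), then remove the name.
 * unlink() alone only drops the directory entry; the data blocks stay. */
int secure_delete(const char *path)
{
    int fd = open(path, O_WRONLY | O_NOFOLLOW);  /* refuse symlinks */
    int rc;

    if (fd < 0)
        return -1;
    rc = overwrite_fd(fd, 0xFF);
    if (rc == 0)
        rc = overwrite_fd(fd, 0x00);
    if (close(fd) != 0)
        rc = -1;
    return rc == 0 ? unlink(path) : -1;
}
```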