[boulder.pm] RFC on encryption approach
Walter Pienciak
walter at frii.com
Wed Jan 17 13:19:51 CST 2001
On Tue, 16 Jan 2001, Kyle Moore wrote:
> I don't think you can be too paranoid very often. PGP/GPG or something
> like that sounds like a good approach. Let us know what you end up
> with...I'm interested in this one.
>
> -kyle
>
> Walter Pienciak wrote:
> >
> > Am I being totally paranoid, pedantic, and this worry is complete
> > overkill? Or should I ought to look at the PGP/GPG approach, and
> > the outside server has the "public key", while only the inside machine,
> > which would pull the data, would have the "private key"?
> >
> > Walter
Yeah,
I guess there's the "right" way to do it and the "expedient"
way to do it.
Going with a shared-secret cryptosystem, it's not much more
complicated than
use Crypt::Blowfish;
my $cipher = new Crypt::Blowfish $key;
my $ciphertext = $cipher->encrypt($plaintext);
to encrypt and
use Crypt::Blowfish;
my $cipher = new Crypt::Blowfish $key;
my $plaintext = $cipher->decrypt($ciphertext);
to decrypt. But a public-key model requires, for example, gnupg,
which requires a good source of entropy (i.e., /dev/random, which
Solaris does not have), so I install that . . . , user symlinks to
/somewhere/entropy, key setup, yada yada yada, etc. More work.
Well, I guess I shouldn't bitch. It's interesting and better architected.
So gnupg and egd (Entropy Gathering Daemon) are now on my development
machine. Stay tuned . . .
By the way, I haven't forgotten about the lock/nicevi thing; people
made great comments, and sooner or later I'll get back to that --
but that's "fun" stuff without a looming deadline . . .
Walter "crypto boy"
More information about the Boulder-pm
mailing list