[boulder.pm] RFC on encryption approach

Walter Pienciak walter at frii.com
Wed Jan 17 13:19:51 CST 2001


On Tue, 16 Jan 2001, Kyle Moore wrote:

> I don't think you can be too paranoid very often. PGP/GPG or something
> like that sounds like a good approach. Let us know what you end up
> with...I'm interested in this one.
>
> -kyle
>
> Walter Pienciak wrote:
> >
> > Am I being totally paranoid, pedantic, and this worry is complete
> > overkill?  Or should I ought to look at the PGP/GPG approach, and
> > the outside server has the "public key", while only the inside machine,
> > which would pull the data, would have the "private key"?
> >
> > Walter

Yeah,

I guess there's the "right" way to do it and the "expedient"
way to do it.

Going with a shared-secret cryptosystem, it's not much more
complicated than

use Crypt::Blowfish;
my $cipher = new Crypt::Blowfish $key;
my $ciphertext = $cipher->encrypt($plaintext);

to encrypt and

use Crypt::Blowfish;
my $cipher = new Crypt::Blowfish $key;
my $plaintext = $cipher->decrypt($ciphertext);

to decrypt.  But a public-key model requires, for example, gnupg,
which requires a good source of entropy (i.e., /dev/random, which
Solaris does not have), so I install that . . . , user symlinks to
/somewhere/entropy, key setup, yada yada yada, etc.  More work.
Well, I guess I shouldn't bitch.  It's interesting and better architected.

So gnupg and egd (Entropy Gathering Daemon) are now on my development
machine.  Stay tuned . . .

By the way, I haven't forgotten about the lock/nicevi thing; people
made great comments, and sooner or later I'll get back to that --
but that's "fun" stuff without a looming deadline . . .

Walter "crypto boy"




More information about the Boulder-pm mailing list