Re: symmetric key encryption utilities
On Wed, Jul 04, 2001 at 11:13:56PM -0600, Curtis Collicutt wrote:
> I just want to encrypt a file with a specific key without
> a passphrase, the way symmetric encryption was meant to
> be done (and without storing the key in the file).
The one thing that puzzles me is your insistence on a symmetric key.
Why not use PGP/GPG or similar like this:

Encrypt the tar of a system X with Pub_X and send it off to the backup
server. Keep the Sec_X (i.e. the secret keyring) on the system if you
like, but at least make sure you don't lose it (burning it on a CD or
writing it on a floppy and storing it in a [offsite?] vault is
preferred).

Now the backup server cannot decrypt any backup as it does not hold the
corresponding secret keys, satisfying your goal.

If you do not put Sec_X on the server itself but on the restore disk/CD
(and a backup somewhere else!), an attacker rooting one of your servers
cannot access older backups. Putting Sec_X on the server itself is only
for convenience at restore time and then this key itself may have been
destroyed :-)

BTW, amanda has some supporting scripts that allow you to do similar
things I believe.

With kind regards
Wouter Slegers
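
The scheme described in the message above, as an added shell example that is not part of the original post: host X holds only Pub_X and encrypts its tar stream, while Sec_X lives in a separate "vault" keyring used only at restore time. KEY_ID, the two keyring directories and the passphrase-less demo key are assumptions made for the example; it needs GnuPG 2.1 or later.

```shell
#!/bin/sh
# Added example: public-key encrypted backups with Pub_X / Sec_X kept apart.
# KEY_ID and all directory and file names are constructed for this demo.
KEY_ID="backup-x@example.invalid"

# One-time setup. $1 = vault keyring (holds Sec_X, kept on the restore CD or
# offsite), $2 = host keyring (Pub_X only, lives on system X).
make_keys() {
    mkdir -p "$1" "$2" && chmod 700 "$1" "$2" || return 1
    # Demo assumption: empty passphrase so the example runs unattended.
    gpg --homedir "$1" --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "$KEY_ID" default default never || return 1
    gpg --homedir "$1" --batch --armor --export "$KEY_ID" |
        gpg --homedir "$2" --batch --quiet --import
}

# On host X: tar a directory and encrypt the stream to Pub_X.
# $1 = host keyring, $2 = source directory, $3 = encrypted output file
backup_encrypt() {
    tar -C "$2" -cf - . |
        gpg --homedir "$1" --batch --yes --quiet --trust-model always \
            --encrypt --recipient "$KEY_ID" --output "$3"
}

# At restore time: decrypt with whatever keyring is given, then unpack.
# Fails (non-zero) when the keyring does not hold Sec_X.
# $1 = keyring, $2 = encrypted file, $3 = destination directory
backup_restore() {
    mkdir -p "$3" || return 1
    gpg --homedir "$1" --batch --yes --quiet \
        --output "$3/.restore.tar" --decrypt "$2" 2>/dev/null || return 1
    tar -C "$3" -xf "$3/.restore.tar" && rm -f "$3/.restore.tar"
}
```

Calling `backup_restore` with the host keyring fails because that keyring has no secret key, which is the property the message relies on for both the backup server and a compromised host X.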