safe encrypting process?

Bob Keyes bob at sinister.com
Mon Feb 2 19:46:49 EST 2004


On Mon, 2 Feb 2004, Steve wrote:

>
> I'd like to encrypt some info that could later be searched, but I'm
> trying to figure out an optimal/safe way to go about doing it.
>
> For the actual encryption, I'd put the information in a plaintext file
> > gpg -c -o foo.gpg foo.txt (encrypt with gpg)
> > shred -u foo.txt* (shred the old plaintext file and any backup copies
> of it)
>
> If I wanted to search the file, I'd
> > gpg --decrypt foo.gpg | grep whatever
>
> Modifying the file would be:
> > gpg --decrypt foo.gpg > foo.txt
> > joe foo.txt (and make modification)
> > gpg -c -o foo.gpg foo.txt
> > shred -u foo.txt* (to get rid of plaintext file and any backup copies)
>
> And then I could script this so I wouldn't have to bother with typing in
> everything. But I'm curious about the weaknesses of using such a method
> for encrypted information. In particular, any sort of temporary files
> which would have stuff during the plaintext post-decryption process (tmp
> file from joe, for example). Is there a simpler, better way of going
> about this?

A self-encrypting program is a non-sequitur. Really, all you can do is
obfuscate it a bit, to make casual copying impossible. If you want to
protect it further, make it hardware (dongle) or network (license server)
dependent. Or wait until the RIAA/MPAA pass the CPRM
(http://www.eff.org/IP/DRM/CPRM/20010328_eff_cprm_alert.html).
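
The search and modify steps from the quoted question, written as an added shell example that is not part of either message: the decrypted copy lives in a private directory on RAM-backed storage, which also holds the editor's backup files. It assumes GnuPG, a tmpfs at /dev/shm, and a hypothetical `PLAIN_BASE` override; the function names are illustrative.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GnuPG and a RAM-backed
# directory. PLAIN_BASE is a hypothetical override (default /dev/shm).
# Note: tmpfs pages can still reach swap unless swap is off or encrypted.

# Make a private (0700) scratch directory for the decrypted copy, so the
# plaintext and any editor backup files stay off the on-disk filesystem.
make_scratch() {
    base=${PLAIN_BASE:-/dev/shm}
    if [ ! -d "$base" ] || [ ! -w "$base" ]; then
        echo "scratch base not usable: $base" >&2
        return 1
    fi
    (umask 077 && mktemp -d "$base/enc-edit.XXXXXX")
}

# Delete a scratch directory with everything in it (plain.txt, plain.txt~).
# Refuses paths that do not look like one created by make_scratch.
drop_scratch() {
    case $1 in
        */enc-edit.*) rm -rf -- "$1" ;;
        *) return 1 ;;
    esac
}

# Search: the plaintext only ever exists in the pipe.
search_encrypted() {    # usage: search_encrypted foo.gpg pattern
    gpg --quiet --decrypt "$1" | grep -e "$2"
}

# Modify: decrypt into scratch, edit, re-encrypt to a new file, swap it in.
edit_encrypted() {      # usage: edit_encrypted foo.gpg
    enc=$1
    dir=$(make_scratch) || return 1
    trap 'drop_scratch "$dir"' EXIT   # clean up on any exit path
    trap 'exit 1' INT TERM            # signals fall through to the EXIT trap
    gpg --quiet --output "$dir/plain.txt" --decrypt "$enc" &&
        "${EDITOR:-joe}" "$dir/plain.txt" &&
        gpg --quiet --symmetric --output "$enc.new" "$dir/plain.txt" &&
        mv -f -- "$enc.new" "$enc"
    status=$?
    drop_scratch "$dir"
    trap - EXIT INT TERM
    return $status
}
```
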



