> I think this is secure:
>
> - pre-distribute a public key (cert, whatever) that you trust
> - install decryption/sig checking software on the target machines
> (I think this is necessary)
> - when the blob is transmitted, send a signature (detached) and the
> executable self-extracting encrypted blob
> - when the blob is received, you need to check the signature (yes,
> requires neural activity at receiving end. or civil software than
> has a UI that helps with this...)
> - AFTER you checked the signature, execute the extractor/decryptor.
But if you're willing to do all that, why not install the decryption software
in steps 1 and 2, and then just transmit the encrypted file later to be
decrypted by the program you already installed? I hardly need point out that
this is how PGP actually works.
Also keep in mind that authentication that a program hasn't been tampered
with is only vaguely related to whether the program works. Microsoft sends
out all their updates with swell digital signatures to prove that it's
Genuine Redmondware, but they still find and patch a security hole roughly
once a week. The majority of the security problems are not bugs in
individual routines and programs, but exploits that use interfaces between
two or more programs ways not intended by the authors. I would think that to
be a very likely failure mode for a blob like the one above that's supposed
to interface with an already installed security monitor.
Regards,
John Levine, [EMAIL PROTECTED], Primary Perpetrator of "The Internet for Dummies",
Information Superhighwayman wanna-be, http://iecc.com/johnl, Sewer Commissioner
Finger for PGP key, f'print = 3A 5B D0 3F D9 A0 6A A4 2D AC 1E 9E A6 36 A3 47
