On Monday 25 July 2005 4:06 am, Michael Nguyen wrote: > Eh...something very custom for our customer base. It wouldn't be useful to > anyone else.
Assumption is the mother of all $^£&*^ ups. :-) > Basically, what I'm going to do is allow a PGP option for our > users. We'll have a bunch of key generation and storage stuff, but the > part I'm going to write is this: > > - Email comes in for user > - If user is set to have "PGP enabled", check to see if the email is > encrypted > - If encrypted, check the user's key rings and decrypt it Presumably users are aware that this would render their own keys insecure so you're using "group" or "corporate" keys via your key generation/storage? Why then check the *user's* keyrings? Shouldn't that be the central keyring of generated keys (presumably with no passphrase). Users should not be given the impression that these keys are secure for use with personal email, keysigning etc. > - Write this new decrypted buffer to the maildir For absolutely anyone to read - you're merely using encryption for the external part of the mail chain? You assume that your internal security is sufficient to prevent unauthorised users within the company reading the maildir? > That's really rough, but I hope you see what I'm getting at. Well I wouldn't use it! :-) If I encrypt to someone, I expect that person to be the only person to be able to decrypt the message. I do not expect some automated script to be able to decrypt it in passing - I wouldn't sign any such key so exactly who or what is encrypting to this script? Have you looked at x.509 certificates that have a different trust model, perhaps more suited to a "group" or "corporate" model rather than the individual trust inherent in GnuPG/PGP? > I intend to > do the same thing for outgoing mail. Automated encryption is fine - if you've got sufficient keys - but automated decryption always weakens the security and can make encryption itself worthless. How secure is the server that runs the script? How secure do you actually need the communication? Wouldn't using standard protocols via SSH accomplish the same end via much simpler (and standardised) methods? I use a script to automatically encrypt messages from the server to those members who have suitable keys, but I'd never trust any server open to the internet sufficiently to decrypt messages automatically. -- Neil Williams ============= http://www.data-freedom.org/ http://www.nosoftwarepatents.com/ http://www.linux.codehelp.co.uk/
pgpgKM6X6N4v5.pgp
Description: PGP signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
