Re: Decrypting GPG/PGP email messages

Alessandro Bottoni <[EMAIL PROTECTED]> writes: > I'm going to use my own implementation of OTP because the existing > mechanism are devoted to protect the remote login channel and cannot > be easily adapted to my weird e-mail-based mechanism. Anyway, I'm > going to use a (encrypted) very long pseud

Re: Decrypting GPG/PGP email messages

Piet van Oostrum wrote: > What benefit is there in encrypting the messages? It would only prevent > people intercepting the message from seeing what's inside, but it won't > give you any additional protection on the server. You are right. Bad guys can still try to send garbage to my system and, wi

Re: Decrypting GPG/PGP email messages

> François Pinard <[EMAIL PROTECTED]> (FP) wrote: >FP> Protection against replay is easily guaranteed by sequencing requests, >FP> that is, including a sequence number within the message, each originator >FP> his sequence. A digital signature prevents someone from tampering with >FP> the seq

Re: Decrypting GPG/PGP email messages

[Piet van Oostrum] > > Alessandro Bottoni <[EMAIL PROTECTED]> (AB) wrote: > >AB> Of course, I want to be sure that only the allowed people is > >AB> able to send such dangerous messages to my server so I will ask > >AB> my users to encrypt and digitally sign their messages using > >AB> Thunder

Re: Decrypting GPG/PGP email messages

> Paul Rubin (PR) wrote: >PR> PGP/GPG have their own base64 encoding called "ascii armor" in PGP >PR> lingo. This stuff predates widespread use of MIME and traditionally, >PR> PGP messages are sent as ascii armored plain text, not attachments. Most PGP/GPG message

Re: Decrypting GPG/PGP email messages

> Alessandro Bottoni <[EMAIL PROTECTED]> (AB) wrote: >AB> Of course, I want to be sure that only the allowed people is able to send >AB> such dangerous messages to my server so I will ask my users to encrypt and >AB> digitally sign their messages using Thunderbird, Enigmail and GPG ... What b

Re: Decrypting GPG/PGP email messages

> Alessandro Bottoni <[EMAIL PROTECTED]> (AB) wrote: >AB> Of course, I want to be sure that only the allowed people is able to send >AB> such dangerous messages to my server so I will ask my users to encrypt and >AB> digitally sign their messages using Thunderbird, Enigmail and GPG ... What b

Re: Decrypting GPG/PGP email messages

> Alessandro Bottoni <[EMAIL PROTECTED]> (AB) wrote: >AB> Of course, I want to be sure that only the allowed people is able to send >AB> such dangerous messages to my server so I will ask my users to encrypt and >AB> digitally sign their messages using Thunderbird, Enigmail and GPG ... What b

Re: Decrypting GPG/PGP email messages

Alessandro Bottoni wrote: > I know you will shake you head sadly but... I really have to perform such > a suicidal task (even if for a short time and just for internal use). > > I have to send by email (over the open internet) a XML file containing > _system commands_ (yes: the kind of stuff li

Re: Decrypting GPG/PGP email messages

Alessandro Bottoni <[EMAIL PROTECTED]> writes: > 1) What would you use to decrypt the messages? The GPG module created by > Andrew Kuchling is declared "incomplete" and "no more maintained" on his > web pages (http://www.amk.ca/python/code/gpg) so I think it is out of the > game. I think I'd just