Re: Somewhat OT, encryption question


 




On 11/26/2014 10:18 PM, Bruno Wolff III wrote:
On Wed, Nov 26, 2014 at 20:33:51 -0500,
 Robert Moskowitz <rgm@xxxxxxxxxxxxxxx> wrote:

On 11/26/2014 07:10 PM, Bruno Wolff III wrote:
On Wed, Nov 26, 2014 at 20:47:25 +0000,
Bill Oliver <vendor@xxxxxxxxxxxxx> wrote:
On Wed, 26 Nov 2014, Bill Oliver wrote:

Actually, let me be more specific.  Let's say I have data on a flash
drive that is encrypted using gpg.  We can even say the flash drive
itself is encrypted.

Now let's say that flash drive is stolen, lost, etc. *and* the
passphrase is compromised.  I want the data on the flash drive to be
available *only on one computer* even if the passphrase is known.

If you don't need to decrypt data in the field, you can use public key encryption. You won't be able to decrypt the data without the private key. (Which you wouldn't have with you or the flash drive.)

NOBODY encrypts lots of data with asymmetric cryptography. Rather, using RSA say, you create a random AES key, encrypt the data with that, THEN encrypt the little key data with the public key.

Yes of course. The idea was that you could do the encryption with say pgp, erase the original (carefully) and then you wouldn't be able to decrypt the data without having the private key (which would be on some other device than the computer the file was on). Using asymmetric cryptography is what allows you to do that. Just using a symmetric key wouldn't. That the bulk of the encryption is really done symmetrically with just the symmetric key encrypted with the public key is just an implementation detail.

If your private key is on a USB dongle with your software supporting it, it all works together.

But that doesn't seem to be what he wants. He wants to make sure that having the encrypted data, and his passphrase is not good enough to recover the plaintext. If the private key is on the same machine he is using his passphrase on, then they may both be compromised together (the scenario didn't say how the passphrase was compromised so it isn't clear if this is a likely or unlikely case).

The private key is on the dongle. Some dongles actually do the key operation on the dongle so the private key never leaves it. But it has been a decade since I worked with these devices.

A shell script that is on a USB device (but I still prefer a microSD card and a USB card reader) that reads something on the computer plus the 'passcode' to construct a pgp 'passphrase' might do it.


--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
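
The idea in the last reply above (a script that reads something on the computer and combines it with the 'passcode' to construct the gpg passphrase), as an added example that is not code from the thread. It assumes `/etc/machine-id` as the machine-bound value and SHA-256 via `sha256sum` as the combiner; the function names `derive_passphrase` and `decrypt_bound` are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: /etc/machine-id is the
# "something on the computer"; sha256sum combines it with the passcode.
# Caveat: the machine id is readable by any local user, so this only blocks
# someone who holds the drive and the passcode but cannot read that value.

# derive_passphrase MACHINE_ID_FILE PASSCODE
# Prints a 64-hex-character passphrase bound to both inputs.
derive_passphrase() {
    id_file=$1
    passcode=$2
    [ -r "$id_file" ] || { echo "cannot read $id_file" >&2; return 1; }
    [ -n "$passcode" ] || { echo "empty passcode" >&2; return 1; }
    machine_id=$(tr -d '[:space:]' < "$id_file")
    [ -n "$machine_id" ] || { echo "empty machine id" >&2; return 1; }
    # Length-prefix each field so ("ab","c") and ("a","bc") hash differently.
    printf '%s:%s:%s:%s' "${#machine_id}" "$machine_id" \
        "${#passcode}" "$passcode" | sha256sum | cut -d' ' -f1
}

# decrypt_bound MACHINE_ID_FILE PASSCODE ENCRYPTED_FILE
# Decrypts a file made with "gpg --symmetric" under the derived passphrase.
# The passphrase goes to gpg on stdin, so it never appears in a process's argv.
decrypt_bound() {
    pass=$(derive_passphrase "$1" "$2") || return 1
    printf '%s\n' "$pass" |
        gpg --batch --quiet --pinentry-mode loopback --passphrase-fd 0 \
            --decrypt "$3"
}

# Typical use on the one machine that should be able to read the data:
#   decrypt_bound /etc/machine-id "$passcode" /run/media/user/stick/data.gpg
```

On any other computer the script reads a different machine id, so the same passcode yields a passphrase that gpg rejects.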



