How to decrypt multiple blocks in one text file

Hanno Mueller hanno.mueller at epublica.de
Fri Oct 17 22:33:45 CEST 2003 

Neil Williams schrieb:

> I'm using similar authentication processes but can there really be a need for 
> one single file? 

Yes, there is a need for one single file in my application.

> However, if you trust the server enough to receive and encrypt the data in the 
> first place, you might as well store the data as cleartext above the 
> public_html/ folder (out of reach of any inquisitive browser) and let the 
> security of the server be your protection. After all, if I was to crack the 
> server, I could delete the encrypted content or insert new values (the public 
> key must be present for you to encrypt so I can use the same key to encrypt 
> malicious or random data). With the server cracked, your authentication is 
> lost and the need to protect the dataset (which sound awfully like 
> username/password combos) is lost too - you can't protect data on the server 
> once the server itself is compromised without encrypting all sensitive data, 
> not just the identification strings for authentication.

I'm aware of that, but that's not what I am about to do. I am not trying 
to encrypt username/password combos, but payment order information.

On the web server, the account data is practically "write only". If 
someone wishes to change his account data, he can enter it again. We 
never have to show the full account info to the user again and we never 
have to decrypt it on the web server.

We transfer the collected payment data to a second computer, decrypt it 
there and then give it to our bank for a bulk payment order. Our bank 
accepts a special file format that lists account data and money amounts 
for multiple payments. This is why I am trying to create a single file 
from multiple encrypted blocks, each representing one payment.

So of course, the account information I wish to collect on the web 
server must be reasonably protected against decryption if someone cracks 
the server and gets full access to the database, because otherwise he 
could abuse our users' account data.

If someone manages to insert false data, our bank will tell us about 
false or failed payment orders instantly. If this happens, we will 
contact the user, ask him about it and thus know that his account data 
has been tampered with. So a breakin as you described can be dealt with 
and won't produce trouble for our users.


Greetings,

Hanno

More information about the Gnupg-users mailing list