Secure text editor?
daneshwar.mishra at wipro.com
daneshwar.mishra at wipro.com
Fri May 18 11:21:58 CEST 2007
Hi all,
We are planning to use GPG tool in our application which is JAVA Based.
Could you please let me know that, how can i use GPG encryption and
decryption using JAVA.
below is criteria on which i have to evaluate GPG
Evaluate GPG tool --
i.Invoking this tool from Java. If this is not supported some other tool
ii.Storage of keys/certificated in keystore
iii.Using the keys/certificates for encryption & decryption.
Note: Encryption and decryption will be of a given file name at any
location.
Means I gon't want to pass input as string but a file name.
I have already gone through GNUPG.java file which does e/d of passed
string.
I am looking for some API which I can directly use.
iv.Encrypt and decrypt for compressed as well as other files like text,
pdf, excel etc.
any help will be appritiable.
regards,
Danesh
-----Original Message-----
From: gnupg-users-bounces at gnupg.org
[mailto:gnupg-users-bounces at gnupg.org] On Behalf Of Alessandro Vesely
Sent: Friday, May 18, 2007 12:58 PM
To: gnupg
Subject: Re: Secure text editor?
Ryan Malayter wrote:
> On 5/17/07, Alessandro Vesely <vesely at tana.it> wrote:
>> Not quite. That may happen as an undocumented side effect on some (or
>> all) OS versions, and is not what the function is meant to do.
>
> The documentation clearly states:
> "These pages are guaranteed not to be written to the pagefile while
> they are locked."
Ooops, I hadn't noticed that. Yes, then VirtualAlloc and VirtualLock can
be used to avoid leaving traces of sensitive data on the swap file in
the way you described (i.e. lock before fill and sweep before
unlock.)
I still think that's not the kind of task that the function has been
designed for. The authorization constrain you mentioned and other
possible side effect tend to make it unpractical for naive usage.
However, a background console app that allocates a few memory pages for
storing sensitive data (e.g. a gpg agent?) should use it to increase
data security.
_______________________________________________
Gnupg-users mailing list
Gnupg-users at gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments.
WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email.
www.wipro.com
More information about the Gnupg-users
mailing list