Signing already-encrypted files (all to self)?
Jerome Baum
jerome+person at jeromebaum.com
Sat Nov 12 00:03:29 CET 2011
On 2011-11-11 23:57, Doug Barton wrote:
> On 11/11/2011 14:54, Chris Poole wrote:
>> OK thanks, I hadn't thought of that. I'd still have to decrypt and re-encrypt
>> them to keep hashes of all plaintext versions of the files though. (Thinking
>> about running this script every few days and hashing the latest files pulled
>> from the IMAP server; it'd be far easier just to find any files not ending in
>> ".gpg" to hash.)
>
> I think this came up last time and I don't remember the reason you
> didn't like the solution, but wouldn't something like truecrypt be a
> whole heckuva lot easier?
Can't speak for Chris of course, but maybe you don't want the private
key "open" too much. You can encrypt without the private key. Same
doesn't go for TrueCrypt.
(When it comes to signing that's another matter, but you could always
make a separate key for signing.)
Now the thing that I _do_ wonder about, Chris, is why you want to hash
the plaintext files? Why not hash them encrypted? (No need to
decrypt-then-hash-then-encrypt a bunch of files.)
--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
--
Quitting? You're quitting like a quitter? I have no
room for quitters on my team! You're fired!
--
Of all the things the problem that wasn't his was,
being not his problem wasn't one of them.
--
No situation is so dire that panic cannot make it worse.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 878 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20111112/54093f45/attachment.pgp>
More information about the Gnupg-users
mailing list