[ale] GPG Key Creation Question
Bob Toxen
bob at verysecurelinux.com
Sun Nov 2 22:59:51 EST 2003
On Fri, Oct 31, 2003 at 11:15:39AM -0500, Jonathan Glass wrote:
> If I create a public/private key pair with no passphrase, then use the
> public key to encrypt, and remove the private key from the machine, what
> are the odds of compromise?
> I'm trying to encrypt personal information from a web form. I was
> thinking about using the public key on the submission/validation page to
> encrypt the information, then inserting the encrypted text into the MySQL
> db. Then, on the management screen, I'd have a place for the
> administrator to upload the private key (from a USB key-chain drive, or
> CD) for the decryption. Does this sound like a good or bad idea?
Sounds like a secure plan.
> I'm not feeling much love using the php-mcrypt functions using RH8 rpms,
> so for today that is not an option. If I need to rebuild/reinstall PHP
> from source, I can do that next week...just not today.
> Thanks!
> --
> Jonathan Glass
> Systems Support Specialist II
> IBB/GTEC
> Office: 404-385-0127
> Cell: 404-444-4086
Bob Toxen
bob at verysecurelinux.com [Please use for email to me]
http://www.verysecurelinux.com [Network&Linux/Unix security consulting]
http://www.realworldlinuxsecurity.com [My book:"Real World Linux Security 2/e"]
Quality Linux & UNIX security and SysAdmin & software consulting since 1990.
"Microsoft: Unsafe at any clock speed!"
-- Bob Toxen 10/03/2002
More information about the Ale
mailing list