[ale] GPG Key Creation Question

Jonathan Glass jonathan.glass at ibb.gatech.edu
Fri Oct 31 11:03:23 EST 2003


If I create a public/private key pair with no passphrase, then use the
public key to encrypt, and remove the private key from the machine, what
are the odds of compromise?

I'm trying to encrypt personal information from a web form.  I was
thinking about using the public key on the submission/validation page to
encrypt the information, then inserting the encrypted text into the MySQL
db.  Then, on the management screen, I'd have a place for the
administrator to upload the private key (from a USB key-chain drive, or
CD) for the decryption.  Does this sound like a good or bad idea?

I'm not feeling much love using the php-mcrypt functions using RH8 rpms,
so for today that is not an option.  If I need to rebuild/reinstall PHP
from source, I can do that next week...just not today.

Thanks!
-- 
Jonathan Glass
Systems Support Specialist II
IBB/GTEC
Office: 404-385-0127
Cell: 404-444-4086



More information about the Ale mailing list