[ale] emailing public dsa key (good, bad or ugly?)
James P. Kinney III
jkinney at localnetsolutions.com
Wed Jan 25 14:41:52 EST 2006
Email your GPG ID encrypted with his public key you got from a public
server. Now he gets you pub key and uses it to email back encrypted with
your pub key a phrase you used over the phone. This has verified each
others keys and identities. Now send the ssh key encrypted with his pub
key by email.
On Wed, 2006-01-25 at 13:58 -0500, Sid Lane wrote:
> hey,
>
> I am in the process of setting up an automated file transfer to an
> external vendor who has agreed to scp over ssh2 but is asking me to
> email the public key to them.
>
> is there any risk in doing this via email? I understand the basic
> principles of asymetric cryptography and that it shouldn't be possible
> to decrypt w/the public key.
>
> I was just wondering if there are any attacks/exploits that knowing it
> make easier. FWIW, box that will be pushing to them is behind (a
> couple of) firewall(s) so nothing in the wild should even be able to
> attempt to initiate an ssh (or anything else for that matter) to it.
>
> what say ye all? o.k. to email or scp it w/password for now.
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
--
James P. Kinney III \Changing the mobile computing world/
CEO & Director of Engineering \ one Linux user /
Local Net Solutions,LLC \ at a time. /
770-493-8244 \.___________________________./
http://www.localnetsolutions.com
GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
<jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
More information about the Ale
mailing list