[ale] emailing public dsa key (good, bad or ugly?)

Joe Knapka jknapka at kneuro.net
Thu Jan 26 00:19:20 EST 2006


Sid Lane wrote:

> hey,
>
> I am in the process of setting up an automated file transfer to an 
> external vendor who has agreed to scp over ssh2 but is asking me to 
> email the public key to them.
>
> is there any risk in doing this via email?  I understand the basic 
> principles of asymetric cryptography and that it shouldn't be possible 
> to decrypt w/the public key.

Sure it is. You can decrypt any message encrypted with the private key.

>
> I was just wondering if there are any attacks/exploits that knowing it 
> make easier.  FWIW, box that will be pushing to them is behind (a 
> couple of) firewall(s) so nothing in the wild should even be able to 
> attempt to initiate an ssh (or anything else for that matter) to it.

Wait...  *You* will be sending data to *them*? In that case, you need 
*their* public key,
not the other way around.  The public key is the one you encrypt with if 
you want your
message to stay private;  the private key is the one you encrypt with if 
you want the
receiver to be able to verify your identity.

Cheers,

-- JK

> what say ye all?  o.k. to email or scp it w/password for now.
>
>------------------------------------------------------------------------
>
>_______________________________________________
>Ale mailing list
>Ale at ale.org
>http://www.ale.org/mailman/listinfo/ale
>





More information about the Ale mailing list