[Date Prev][Date Next][Thread Prev][Thread Next] [Search] [Date Index] [Thread Index]

Re: [MacPerl] Public key risks

To: dick@cfcl.com (Dick Karpinski)
Subject: Re: [MacPerl] Public key risks
From: pudge@pobox.com (Chris Nandor)
Date: Thu, 10 Jul 1997 17:34:01 -0500
Cc: dmacks@netspace.org, mac-perl@iis.ee.ethz.ch

At 14.21 7/10/97, Dick Karpinski wrote:
>>Even public-key doesn't seem safe...the whole problem is that anyone who
>>sniffs packets sees everything that gets sent, in whatever for it's sent.
>
>THat is exactly the circumstance where public key is safe.  THe key is
>public and things encrypted with it are private, as long as the private
>key is still private.  Even if the message and the public key are printed
>in every newspaper in the world.

I think he meant sending the password to the key over the net (in order to
verify ownership).

But if you want to have the user send an encrypted passphrase using his
secret key, MacPGP.pm can automate the process of decrypting it.  The code
below would, given text to decrypt and your default secret key password,
decrypt the text, match it against a set phrase, and check the result.  You
could also check the signature and match it against a list of signatures
instead.

#!perl
use Mac::Apps::MacPGP;
$pgp = new MacPGP;
$et = $encrypted_text_from_form;
if (
        $pgp->decrypt('dcrd',$et,$mypassword') eq 'mytext'
        && $pgp->checksignresult
) {
        $userverified++;
}

--
Chris Nandor             pudge@pobox.com             http://pudge.net/
%PGPKey=('B76E72AD',[1024,'0824 090B CE73 CA10  1FF7 7F13 8180 B6B6'])

***** Want to unsubscribe from this list?
***** Send mail with body "unsubscribe" to mac-perl-request@iis.ee.ethz.ch

Prev by Date: Re: [MacPerl] Public key risks
Next by Date: Re: [MacPerl] Dangerous cgi-script
Prev by thread: Re: [MacPerl] Public key risks
Next by thread: [MacPerl] Compiling Runtime
Navigation: Date Index | Thread Index | Search | Other lists at bumppo.net