Re: PGP 5.5 CMR/GAK: a possible solution
mark@unicorn.com writes:
When a customer wishes to send email to Joe, he would use this public key. When encrypting, PGP would detect the tag and put up a dialog box pointing out that this is a corporate key and if they click on the 'confidential' button it will be encrypted to the user's personal key prior to encrypting to the corporate key (by which I mean superencryption, to avoid traffic analysis). The default would be not to superencrypt; and as a side effect this system would be compatible with any version of PGP for non-confidential mail (assuming that version understands the encryption algorithms in use).
Neat, automatic superencryption. Could the same idea work with the Pgp method with the CMR key? You would encrypt to the user first, then reencrypt to the combination of user and CMR key. Would this prevent GAK?
Anonymous writes:
mark@unicorn.com writes:
[super encrypt instead of CMR]
Neat, automatic superencryption.
Could the same idea work with the Pgp method with the CMR key? You would encrypt to the user first, then reencrypt to the combination of user and CMR key.
I think that is redundant -- if only the user can decrypt to get the actual plaintext -- you'd just as well send encrypted to the user alone. Super encrypting with a non-CMRed company key is perhaps what you are thinking, and then encrypting internally to user and CMR key. This would be a definate improvement over straight forward CMR because it is effectively a poor-mans Transport Level Security (TLS), and therefore denies access to the ciphertext (and attached CMR recovery info) to governments and other intruders. Still I think better yet not to send recovery information over the wire at all, unless there is a user requirement for message screening. The stated corporate user requirement for CMR by PGP Inc is recovery of stored files. Adam -- Now officially an EAR violation... Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/ print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`
participants (2)
-
Adam Back -
Anonymous