[Date Prev][Date Next][Thread Prev][Thread Next]
[Author Index] [Date Index] [Thread Index]
[SQR-USERS Info] [SQRUG Home Page]

Re: PGP

Subject: Re: PGP
From: Arun Kumar <arunkumar13@YAHOO.COM>
Date: Thu, 25 Jul 2002 10:23:26 -0700
In-reply-to: <001101c23377$ffead4e0$b62de2d1@expressvu.ca>

Vince,
The userid in pgp is just the name associated with the
email, right? if you are only hard coding the name not
the email address itself then why it should be
sensitive?


HTH

--- John Willson <jwillson@DSSLTD.COM> wrote:
> Hi Vincent, if you try either of the two approaches
> below you get into key
> (variable) management.  Which means you also have to
> think about generation,
> distribution, storage, destruction, and update of
> keys.  This also includes
> key length, lifetime, and its own security.  As
> another approach you might
> want to consider a third party public key holder who
> performs the
> authentication for you.  RSA Data Security Inc. has
> a lot of information on
> public key cryptosystems.  You might also want to
> view the Verisign site.
>
> John Willson
>
> PS.  I am not connected with either of these
> companies but use an RSA
> algorithm for my key management needs.
>
> ----- Original Message -----
> From: "Nuccio, Vincent" <vincent.nuccio@ATTWS.COM>
> To: <SQR-USERS@list.iex.net>
> Sent: Wednesday, July 24, 2002 4:32 PM
> Subject: PGP
>
>
> > Hi ya'll...
> >
> > The development team and I are trying to determine
> the best solution in
> > 'encrypting' the variable $userid.
> >
> >
> >
>
!***********************************************************************
> > BEGIN-PROCEDURE Encrypt-Files
> >
>
!***********************************************************************
> >               let $userid =  'ABCDEFGH'
> >               do
> encrypt_pgp($filename,$userid,#status)
> >                 if #status <> 0
> >                     show 'Failed to Encrypt the
> File'
> >                 else
> >                     do get-current-datetime
> >                     show 'Successfully Encrypted
> the File ' $sysdatetime
> >                 end-if
> > END-PROCEDURE
> >
> > If you look at the above procedure, the var
> $userid = 'ABCDEFGH' and we
> call
> > it a Public Key for the Vendor. It is used to
> encrypt the file at our end
> > and used to decrypt the file at their end.
> However, from Security point of
> > view it is not a good idea to have that KEY value
> hard-coded in the
> program.
> >
> > Two possibilities:
> >
> > 1) Create a setup table with PRCSNAME as Key and
> store the Key value in
> the
> > table for each process (interface). Then write a
> common procedure to read
> it
> > from this table for that particular interface.
> > 2) Store the Key values in a text file and write
> some code (unsure) to
> read
> > the text file to read the Key value for the
> particular interface.
> >
> > Neither one is totally secure, but, it is much
> better than having to
> > hard-code in the SQR.
> >
> > Does anyone know a better solution?
> >
> > Thanks!
> >
> > Vince Nuccio
> >
> > AT&T Wireless Services
> > Redmond, Washington
> > email me at:      <
> <mailto:vincent.nuccio@attws.com>
> > mailto:vincent.nuccio@attws.com>
> > page me at:       <  <mailto:vnuccio@my2way.com>
> mailto:vnuccio@my2way.com>
> > call me at:         711, ask for (425) 580-8888 ~
> TTY
> > visit us at:         <
> <http://itpeoplesystems.attws.com>
> > http://itpeoplesystems.attws.com>
> >
> > "Stuck? Ask for help and it is ok not to know
> everything!"
> >
> >
> >
> > -----Original Message-----
> > From: Nuccio, Vincent [
> <mailto:vincent.nuccio@ATTWS.COM>
> > mailto:vincent.nuccio@ATTWS.COM]
> > Sent: Thursday, July 18, 2002 3:06 PM
> > To: SQR-USERS@list.iex.net
> > Subject: Re: PGP
> >
> >
> > Thanks for the responses and here is my next
> question.
> >
> > What would be the best way to hide the KEY?
> >
> > A separate file, I suppose?
> >
> > Vince Nuccio
> >
> > AT&T Wireless Services
> > Redmond, Washington
> > email me at:      <
> <mailto:vincent.nuccio@attws.com>
> > mailto:vincent.nuccio@attws.com>
> > page me at:       <  <mailto:vnuccio@my2way.com>
> mailto:vnuccio@my2way.com>
> > call me at:         711, ask for (425) 580-8888 ~
> TTY
> > visit us at:         <
> <http://itpeoplesystems.attws.com>
> > http://itpeoplesystems.attws.com>
> >
> > "Stuck? Ask for help and it is ok not to know
> everything!"
> >
> >
> >
> > -----Original Message-----
> > From: Nuccio, Vincent [
> <mailto:vincent.nuccio@ATTWS.COM>
> > mailto:vincent.nuccio@ATTWS.COM]
> > Sent: Thursday, July 18, 2002 10:27 AM
> > To: SQR-USERS@list.iex.net
> > Subject: PGP
> >
> >
> > I am trying to determine the best solution to
> encrypt all of our files
> that
> > we send through our FTP server.  Do anyone of you
> know the best way to
> code
> > the PGP in SQRs?
> >
> > Thanks.
> >
> > Vince Nuccio
> >
> > AT&T Wireless Services
> > Redmond, Washington
> > email me at:      <
> <mailto:vincent.nuccio@attws.com>
> > mailto:vincent.nuccio@attws.com>
> > page me at:       <  <mailto:vnuccio@my2way.com>
> mailto:vnuccio@my2way.com>
> > call me at:         711, ask for (425) 580-8888 ~
> TTY
> > visit us at:         <
> <http://itpeoplesystems.attws.com>
> > http://itpeoplesystems.attws.com>
> >
> > "Stuck? Ask for help and it is ok not to know
> everything!"
> >
> >


__________________________________________________
Do You Yahoo!?
Yahoo! Health - Feel better, live better
http://health.yahoo.com

References:
- Re: PGP
  - From: John Willson <jwillson@DSSLTD.COM>

Prev by Date: Re: PAY003 - Can't Print Signatures From HP Secure Card
Next by Date: Re: PAY003 - Can't Print Signatures From HP Secure Card
Previous by thread: Re: PGP
Next by thread: Re: PGP
Indexes: [ Thread] [ Author] [ Date]
SQR-USERS List and Archive Info
SQRUG Home Page