On Wed, 2002-07-24 at 16:32, Nuccio, Vincent wrote: > Hi ya'll... > > The development team and I are trying to determine the best solution in > 'encrypting' the variable $userid. > > > !*********************************************************************** > BEGIN-PROCEDURE Encrypt-Files > !*********************************************************************** > let $userid = 'ABCDEFGH' > do encrypt_pgp($filename,$userid,#status) > if #status <> 0 > show 'Failed to Encrypt the File' > else > do get-current-datetime > show 'Successfully Encrypted the File ' $sysdatetime > end-if > END-PROCEDURE > > If you look at the above procedure, the var $userid = 'ABCDEFGH' and we call > it a Public Key for the Vendor. It is used to encrypt the file at our end > and used to decrypt the file at their end. However, from Security point of > view it is not a good idea to have that KEY value hard-coded in the program. If you are using PGP, who cares? You pass PGP the key ID and it encrypts to the public key. Doesn't really matter who sees the key ID, what matters is the password on the private key, which if you are sending something to someone, you should not have their private key. > Two possibilities: I would go with a table linking the PGP key ID to your vendors and not hard code it. -- ...Rob ===================================================================== Robert Goshko Axis Computer Consulting Services, Inc President Sherwood Park, Alberta, Canada http://www.axis-dev.com/ Supporting the Revolution In Your World ===================================================================== Registered Linux User #260513 10:23am up 2:32, 2 users, load average: 1.22, 1.25, 1.16
Attachment:
signature.asc
Description: This is a digitally signed message part