> Or maybe I'm misunderstanding something.

> The source for the information (My personal computer) is trusted.  But what I
> want to do is create backups of personal data at a remote location (on an
> untrusted computer).  That's why I want the information encrypted both in
> transit (easy) and at the remote backup location (which is where the question
> was aimed).

OK, here's how the two options work.

Symmetric: a key is generated, based on a passphrase. You enter the passphrase when encrypting (it must be embedded in your backup script), and again when decrypting.

Asymmetric (public key): Two keys are generated, one public, one private. You use the public one to encrypt; this does not need a passphrase. The data can then *only* be decrypted using the private key, which also requires the passphrase. You also have the option of "signing" the data with your private key (to make tampering obvious), but you must provide your private-key passphrase to sign the data, and you use your public key to verify the signature. Encryption and signing can be used separately or together.

It should be reasonably obvious that if you absolutely trust your local machine, and everyone who has physical access to it, and your passphrase is a good one, the two are basically equivalent.

However, public-key encryption is generally more secure, because you don't have to keep your passphrase around where everyone can read it. You only use the passphrase to decrypt, which for a backup solution is much less frequent or predictable, and therefore less useful to a potential cracker. You still have to watch your private key, but your passphrase helps to protect that too.

Generally, if you sign data, you want to be physically there to do so. Typical examples are verifying your identity for various legal and contractual reasons. Signing data with an automated batch script is slightly suspect in my view.

--
--------------------------------------------------------------
from: Jonathan "Chromatix" Morton
website: http://www.chromatix.uklinux.net/
tagline: The key to knowledge is not to rely on people to teach you it.
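The two workflows described in the reply above, as an added example that is not part of the original post or its author's setup: Go code modelling them with standard-library primitives rather than a PGP tool. The symmetric path derives a key from the passphrase (PBKDF2-HMAC-SHA256, written out inline) and seals the data with AES-256-GCM; the public-key path seals the data under a random data key, wraps that key with RSA-OAEP to the public key, and keeps the private key itself sealed under the owner's passphrase by the same symmetric routine. So encrypting needs no secret at all, while decrypting needs the key file and the passphrase. Function names, the 100,000-round work factor and the 2048-bit key size are assumptions; the signing option is not shown.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"crypto/x509"
	"errors"
)

// deriveKey: PBKDF2-HMAC-SHA256, one 32-byte block, written out so only the stdlib is needed.
func deriveKey(pass, salt []byte) []byte {
	prf := hmac.New(sha256.New, pass)
	u := append(append([]byte{}, salt...), 0, 0, 0, 1) // U1 input: salt||INT(1)
	key := make([]byte, 32)
	for i := 0; i < 100000; i++ { // assumed work factor
		prf.Reset()
		prf.Write(u)
		u = prf.Sum(nil)
		subtle.XORBytes(key, key, u) // T = U1 xor U2 xor ... xor Uc
	}
	return key
}

// AES-256-GCM helpers. Keys are always 32 bytes here, so the constructors cannot fail.
func gcmFor(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	return gcm
}
func sealGCM(key, plaintext []byte) []byte { // returns nonce||ciphertext||tag
	nonce := make([]byte, 12)
	rand.Read(nonce) // crypto/rand does not fail in practice
	return gcmFor(key).Seal(nonce, nonce, plaintext, nil)
}
func openGCM(key, sealed []byte) ([]byte, error) { // errors on wrong key or tampering
	if len(sealed) < 12 {
		return nil, errors.New("truncated ciphertext")
	}
	return gcmFor(key).Open(nil, sealed[:12], sealed[12:], nil)
}

// Symmetric: whoever encrypts must hold the passphrase, so a backup script has to embed it.
func SymmetricEncrypt(passphrase string, data []byte) []byte {
	salt := make([]byte, 16)
	rand.Read(salt)
	return append(salt, sealGCM(deriveKey([]byte(passphrase), salt), data)...) // salt||nonce||ct||tag
}
func SymmetricDecrypt(passphrase string, blob []byte) ([]byte, error) {
	if len(blob) < 16 {
		return nil, errors.New("truncated backup")
	}
	return openGCM(deriveKey([]byte(passphrase), blob[:16]), blob[16:])
}

// Asymmetric: the backup host needs only Public; the private key stays home, sealed by the passphrase.
type KeyPair struct {
	Public        *rsa.PublicKey
	SealedPrivate []byte
}
func GenerateKeyPair(passphrase string) *KeyPair {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048) // cannot fail at 2048 bits (assumed size)
	der := x509.MarshalPKCS1PrivateKey(priv)
	return &KeyPair{&priv.PublicKey, SymmetricEncrypt(passphrase, der)}
}
func (kp *KeyPair) unlock(passphrase string) (*rsa.PrivateKey, error) {
	der, err := SymmetricDecrypt(passphrase, kp.SealedPrivate)
	if err != nil {
		return nil, errors.New("private key: wrong passphrase or tampering")
	}
	return x509.ParsePKCS1PrivateKey(der)
}

// Backup is what lands on the untrusted host: an OAEP-wrapped data key plus the sealed data.
type Backup struct{ WrappedKey, Sealed []byte }

// PublicEncrypt needs no secret at all, so it is safe in an unattended script.
func PublicEncrypt(pub *rsa.PublicKey, data []byte) (*Backup, error) {
	dataKey := make([]byte, 32)
	rand.Read(dataKey)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, dataKey, nil)
	return &Backup{WrappedKey: wrapped, Sealed: sealGCM(dataKey, data)}, err
}

// PrivateDecrypt is the one step needing the private key, hence the passphrase: restore time only.
func PrivateDecrypt(kp *KeyPair, passphrase string, b *Backup) ([]byte, error) {
	priv, err := kp.unlock(passphrase)
	if err != nil {
		return nil, err
	}
	dataKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, b.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	return openGCM(dataKey, b.Sealed)
}
```

Note where the passphrase appears: SymmetricEncrypt takes it, PublicEncrypt does not, and PrivateDecrypt cannot proceed without it. Because GCM authenticates the ciphertext, a wrong passphrase or any modification of the stored bytes (the backup or the sealed private key) comes back as an error rather than as garbage plaintext.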
