> > How about if you append a hash of the file to the file, and encrypt that > > too? Then have the remote machine do the trial decrypt-and-check-hash. If > > all is OK the remote machine can then tell the local one to delete the > > original; and if it's not OK, it can scream at you. > > Better than that, if you get GPG to sign the file when it encrypts it > (using a passwordless key/subkey) and/or use the MDC option, you'll be > able to do this more reliably...
Wasn't the original poster looking for something which didn't require
trusting one particular piece of software? If they're happy to go with
gpg, or to use two different PGP implementations at the two ends, then
sign+encrypt would indeed appear to cover it.
(Of course, it's not quite true signing, in the sense that it's only there
as a check against corruption, and the signing key will be visible on the
source machine.)
--
Dr George D M Ross, School of Informatics, University of Edinburgh
Kings Buildings, Mayfield Road, Edinburgh, Scotland, EH9 3JZ
Mail: [EMAIL PROTECTED] Voice: +44 131 650 5147 Fax: +44 131 667 7209
PGP: 1024D/AD758CC5 B91E D430 1E0D 5883 EF6A 426C B676 5C2B AD75 8CC5
pgpvmdXJWngTW.pgp
Description: PGP signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
