Hi all,

Silly question… is there a tool for encrypting files with asymmetric
keys on OpenBSD?  I'm aware of GnuPG in ports, and I'm fine with using
that, however I'm curious to know what other options there are out
there, especially options that are part of the base system.

I know OpenSSL (and likely LibreSSL) can do RSA for this purpose,
although its CLI is more of a debugging tool than an actual encryption
tool.  I'd also like to use ECC keys (ideally ED25519) for future
proofing, since RSA is getting quite long in the tooth now.

The use case here is to make an encrypted inbound mail queue: I'll be
setting up OpenSMTPD to deliver emails through a script which will
encrypt the emails with a public key so they can be collected over SFTP
by my home mail server for final delivery.

Basically like UUCP of yesteryear, but implemented with OpenSSH.

The thinking being that while the emails are "at rest" on the remote
server, they're stored encrypted, and apart from maybe destination host
details (the destination user is the remote server's problem and can be
stored encrypted), there's nothing kept on that remote server in the
way of key material that would enable disclosure of the email content
-- an attacker would have to catch such emails as they're being
received (or compromise host binaries to leak content).

This is experimental, done for intellectual curiosity rather than for
any real necessity, but you never know… might come in handy.

Regards,
-- 
Stuart Longland (aka Redhatter, VK4MSL)

I haven't lost my mind...
  ...it's backed up on a tape somewhere.
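
The queue design described in the post, sketched as an added example that is not part of the original message: it uses `openssl smime` with an RSA certificate (not the ECC keys the post prefers), and assumes the delivery script receives the message on stdin. The function names, file names and queue layout are hypothetical.

```shell
#!/bin/sh
# Added example: encrypt-on-delivery mail queue with openssl smime.
# Function names, paths and the .p7m naming are assumptions for illustration.

# Remote server side: message on stdin; only the certificate (public key)
# is stored on this host. Prints the path of the finished queue file.
encrypt_to_queue() {
    cert=$1 queue=$2
    umask 077
    tmp=$(mktemp "$queue/.incoming.XXXXXXXXXX") || return 1
    # -binary keeps the message byte-for-byte; output is PEM-encoded PKCS#7.
    if openssl smime -encrypt -aes256 -binary -outform PEM -out "$tmp" "$cert"
    then
        # Rename after a complete write so a collector never sees partial files.
        final="$queue/$(basename "$tmp" | sed 's/^\.incoming\.//').p7m"
        mv "$tmp" "$final" && printf '%s\n' "$final"
    else
        rm -f "$tmp"
        return 1    # non-zero so the caller can retry delivery
    fi
}

# Home server side: the private key never leaves this machine.
decrypt_message() {
    key=$1 cert=$2 file=$3
    openssl smime -decrypt -binary -inform PEM -in "$file" \
        -recip "$cert" -inkey "$key"
}

# Round trip with a throwaway key pair and a constructed sample message.
demo_roundtrip() {
    d=$(mktemp -d) || return 1
    mkdir "$d/home" "$d/queue"
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=mailqueue-demo" \
        -keyout "$d/home/key.pem" -out "$d/cert.pem" 2>/dev/null || return 1
    printf 'From: a@example.org\nSubject: test\n\nconstructed sample body\n' \
        > "$d/msg"
    enc=$(encrypt_to_queue "$d/cert.pem" "$d/queue" < "$d/msg") || return 1
    # The stored file must not contain the plaintext.
    ! grep -q 'constructed sample body' "$enc" || return 1
    decrypt_message "$d/home/key.pem" "$d/cert.pem" "$enc" | cmp -s - "$d/msg"
    rc=$?
    rm -rf "$d"
    return $rc
}
```

The enveloped data produced this way provides confidentiality only; it is not authenticated, so the home server cannot tell from the ciphertext alone whether a queue file was altered.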