Hi all, Silly question… is there a tool for encrypting files with asymmetric keys on OpenBSD? I'm aware of GnuPG in ports, and I'm fine with using that, however I'm curious to know what other options there are out there, especially options that are part of the base system.
I know OpenSSL (and likely LibreSSL) can do RSA for this purpose, although its CLI is more of a debugging tool than an actual encryption tool. I'd also like to use ECC keys (ideally ED25519) for future proofing, since RSA is getting quite long in the tooth now. The use case here is to make an encrypted inbound mail queue: I'll be setting up OpenSMTPD to deliver emails through a script which will encrypt the emails with a public key so they can be collected over SFTP by my home mail server for final delivery. Basically like UUCP of yesteryear, but implemented with OpenSSH. The thinking being that while the emails are "at rest" on the remote server, they're stored encrypted, and apart from maybe destination host details (the destination user is the remote server's problem and can be stored encrypted), there's nothing kept on that remote server in the way of key material that would enable disclosure of the email content -- an attacker would have to catch such emails as they're being received (or compromise host binaries to leak content). This is experimental, done for intellectual curiosity rather than for any real necessity, but you never know… might come in handy. Regards, -- Stuart Longland (aka Redhatter, VK4MSL) I haven't lost my mind... ...it's backed up on a tape somewhere.
