RE: How to validate encryption
Thanks.

-Original Message-
From: Hauke Laging [mailto:mailinglis...@hauke-laging.de]
Sent: Friday, August 12, 2011 5:16 PM
To: gnupg-users@gnupg.org
Cc: Yadav, Amarjeet [Tech]
Subject: Re: How to validate encryption

On Thursday, 11 August 2011, 15:47:40, Yadav, Amarjeet wrote:
> Hi,
> We have requirement where we would like to check for encrypted file
> its valid or not before decrypting it. Thanks

Why? In order to prevent the usability of GnuPG exploits?

If you trust the sender (and his systems) then the simple answer is: Have the sender sign the encrypted file. I hope that would not result in "we would like to check its validity before we check the signature"...

Hauke
--
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: How to validate encryption
On Thu, 11 Aug 2011 15:47, amarjeet.ya...@gs.com said:
> We have requirement where we would like to check for encrypted file
> its valid or not before decrypting it.

You mean whether it has been tampered with? You can't do that without decrypting it. GPG checks that the decrypted file is valid - usually by checking the signature but if it is not signed gpg checks the MDC (modification check code - a kind of checksum).

Of course you could use a detached signature (or a hash digest of the file conveyed via a second channel) to detect modification before processing the file. However the entire file needs to be processed in any case. Thus if modifications are rare it would take longer to check the file first and then do the encryption which does yet another check.

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
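The hash-digest-over-a-second-channel check described in the message above, as an added example that is not part of the original thread. The function names, the file name and the stand-in file contents are constructed for illustration; the digest is assumed to be SHA-256 in hex, and `gpg` is assumed to be on the PATH for the decrypt step.

```python
import hashlib
import hmac
import subprocess
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=1 << 20):
    """Stream the whole file through SHA-256; every byte is read once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def digest_matches(path, expected_hex):
    """Compare the file's digest with the one received over the second channel."""
    expected = expected_hex.strip().lower()
    if len(expected) != 64 or any(c not in "0123456789abcdef" for c in expected):
        raise ValueError("expected digest is not a SHA-256 hex string")
    return hmac.compare_digest(sha256_file(path), expected)


def decrypt_if_unmodified(path, expected_hex, out_path):
    """Run gpg only after the pre-check passes; gpg still performs its own
    signature/MDC check while decrypting."""
    if not digest_matches(path, expected_hex):
        return False
    subprocess.run(["gpg", "--batch", "--output", str(out_path),
                    "--decrypt", str(path)], check=True)
    return True


def demo():
    """Constructed sample: stand-in bytes, not real OpenPGP data."""
    with tempfile.TemporaryDirectory() as d:
        f = Path(d) / "message.gpg"
        f.write_bytes(b"constructed ciphertext stand-in" * 1000)
        published = sha256_file(f)      # what the sender would publish
        ok_before = digest_matches(f, published)
        data = bytearray(f.read_bytes())
        data[100] ^= 0x01               # one bit changed in transit
        f.write_bytes(bytes(data))
        ok_after = digest_matches(f, published)
    return ok_before, ok_after


if __name__ == "__main__":
    print(demo())
```

The pre-check reads the entire file before gpg reads it again, which is the extra cost the message points out.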
Re: How to validate encryption
On Thursday, 11 August 2011, 15:47:40, Yadav, Amarjeet wrote:
> Hi,
> We have requirement where we would like to check for encrypted file its
> valid or not before decrypting it. Thanks

Why? In order to prevent the usability of GnuPG exploits?

If you trust the sender (and his systems) then the simple answer is: Have the sender sign the encrypted file. I hope that would not result in "we would like to check its validity before we check the signature"...

Hauke
--
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814