RE: PGP scripting...

Hi,

Normally I just lurk, however I can find one glaring hole in your setup. I would assume that the main reason you're encrypting the data on disk is to prevent unauthorized persons from viewing said data. However, if an unauthorized person can access the encrypted datafiles, they most likely can access the key files that you said are also locally on disk. This basically makes your encryption process useless, and more importantly, is giving your client a seriously wrong false sense of security.

At a very minimum, I would explain this to your client, and if they still insist on this scheme, I would get a little signed note :)

Just my $0.02 Whatever you do, if you learn of a Java-based PGP package, I'd like to know about it as well! :)

Cheers,
Chris

-----Original Message-----
From: Andrew MacKenzie [mailto:andy@edespot.com] Sent: Tuesday, January 07, 2003 12:02 PM To: secprog@securityfocus.com
Subject: PGP scripting...

I apologize if this is a bit off-topic, but I'd like to ask a question about practical use of PGP. I am a software developer, and have a client
who is making a great attempt at being security conscious (to the extent of
hiring a security consultant).

We (my client) have a system that loads orders into an Oracle DB, and processes billing (Java/Solaris based). One of the 'decrees' from my client is that all files that store 'sensitive' data (customer info and the
like) shall be PGP encrypted, and *never* be stored on a HDD in un-encrypted form (even while processing said file).

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

I can understand the desire to archive these files in encrypted forms, and
to encrypt these files while transporting out of the system. But I think
this idea goes a bit too far as to be more counter-productive than useful.
After many days of fighting with 'pgp -f' and modifying processes to use stdin/stdout, I've gotten much of this working.

I would have prefered to use a PGP library (Java code), but was unable to
find any within the timeframe.

My question therefore is: is all this worth the trouble? In order to use
PGP with scripts (or even Java code), the scripts need access to both the
private key and pass phrase (which are stored locally in files). If the system were compromised would any of this help? Is there a better way I could do this than what I am already doing? This is somewhat academic for
me at this point, as my client is inflexible on this point and code has been written, but I'd be interested in hearing your opinions on this subject.

Thanks.

-- 
// Andrew MacKenzie  |  
http://www.edespot.com
// "Those are my principles. If you don't like them I have others." 
//      -- Groucho Marx