[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: PGP help and comments.
>J. Michael Diehl <[email protected]> writes:
>> I would like to use pgp on the mainframes, but don't want to store my secret
>> key on their disks. Would it be possible to have pgp accept it's secret key
>> via stdin. I could do an ascii upload of my secret key and never expose my
>> key to disk-storage.
>
> This is even more dangerous than storing it on the disks of a multi-user
> machine. Unless you are running in a kerberos environment it is trivial to
> snoop your upload off the network, and even without that weakness you are
> exposing yourself to the same problem that the docs mention (it is really
> pretty easy to scan someone's terminal input) only you are giving them the
> key outright instead of only giving them the passphrase to your key.
Point taken.
>
> Bad idea.
Sure is. Thanx.
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.2
mQBNAiu21SIAAAECAMKkKKP4JIxSPR7rOUZ7mbi6yDPfFa7T6zOtOBX8iI939tIU
9JFTxdyvTejK3qmYDGozNaqySQ/0++nGqZgikcsABRG0LUouIE1pY2hhZWwgRGll
aGwsIG1lLCA8bWRpZWhsQHRyaXRvbi51bW4uZWR1Pg==
=YquS
-----END PGP PUBLIC KEY BLOCK-----