[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PGP help and comments.



>J. Michael Diehl <[email protected]> writes:
>> I would like to use pgp on the mainframes, but don't want to store my secret
>> key on their disks.   Would it be possible to have pgp accept it's secret key
>> via stdin.  I could do an ascii upload of my secret key and never expose my
>> key to disk-storage.
> 
> This is even more dangerous than storing it on the disks of a multi-user
> machine.  Unless you are running in a kerberos environment it is trivial to
> snoop your upload off the network, and even without that weakness you are
> exposing yourself to the same problem that the docs mention (it is really
> pretty easy to scan someone's terminal input) only you are giving them the
> key outright instead of only giving them the passphrase to your key.

Point taken. 
> 
> Bad idea.

Sure is.  Thanx.
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.2
 
mQBNAiu21SIAAAECAMKkKKP4JIxSPR7rOUZ7mbi6yDPfFa7T6zOtOBX8iI939tIU
9JFTxdyvTejK3qmYDGozNaqySQ/0++nGqZgikcsABRG0LUouIE1pY2hhZWwgRGll
aGwsIG1lLCA8bWRpZWhsQHRyaXRvbi51bW4uZWR1Pg==
=YquS
-----END PGP PUBLIC KEY BLOCK-----