Thanks for your comments.

First off, to answer your second concern, I'm now using Storable's freeze/thaw so I'm no longer eval-ing code directly.

Secondly, you should never execute code that someone else has sent you; see mjd's Memoize Makefile.PL for example. I never said that Data::Encrypted would make that safe.

Now, to your first point (about security vs. hassle). You are absolutely correct: #1 is the way I currently use it, which means that it is as secure as my unix filesystem is secure (i.e. if my private key can be obtained, then it's no longer secure). I don't want to do #2 because it defeats the whole purpose of not storing sensitive info in plaintext.

#3 is not really quite so bad: I could detect that a passphrase is required to unlock the stored data: you would only be prompted for it once, and it would be the same passphrase you always use. (As opposed to that pesky database login/password that you only use once a month to generate the new sales report, and have to always lookup (or store in the script in plaintext)).

Of course you're right, if #3 becomes the "norm", then conventional cryptography would work just as well (you're passphrase is then the "salt", etc). My entire reason for using the public key RSA system was to take advantage of a system that was already in place (and could personalize/lock the script into being usable only by myself, without also knowing the right sensitive information stored within).

Thanks again for your comments!

-Aaron

In reply to Re: Re: RFC Data::Encrypted by Anonymous Monk
in thread RFC Data::Encrypted by amackey

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.