in reply to Am I asking for trouble using Crypt::OpenPgp this way?

I then give the public key file to my clients and use a script to encrypt a file on their computers and send it to my server where it is decrypted using my secring file.

The file encryption should be pretty secure; there might be problems with your file transfer, though. How do you get the script to send the file to your server?

I would probably use ssh or scp for that (and give every client a different key for logging in to your machine).

Re^2: Am I asking for trouble using Crypt::OpenPgp this way?
by boat73 (Scribe) on Feb 02, 2005 at 14:45 UTC
    Thanks for the responses. I am actually reading in the text from a file then posting the encrypted data to a CGI on my web server.
      Well, the weakest part in the chain would probably be the authentication on the CGI script, since unless you're using SSL the HTTP request itself is not encrypted. (I don't suppose you want just anyone to post stuff to the CGI?)

      It's probably a minor issue, but it could open you up to relatively easy DDoS attacks (depending on the maximum size of the posted data, which IP addresses you allow to connect, etc.).

        Thanks again for the input. You have greatly added to my peace of mind. We have methods in place within the CGI so that the data posted will not make it far unless it is in the correct format.