[clue] Securing data in transit/at rest.
Aaron D. Johnson
adj at fnord.greeley.co.us
Mon Nov 10 18:51:05 MST 2014
David L. Anselmi writes:
> What do you mean by authenticity and how does encrypting the file
> provide that (and more specifically, how does encrypting the file
> provide it where the SFTP transfer does not)?
If it's encrypted with a public key algorithm (or encrypted with a
symmetric algorithm and then signed with a public key algorithm), and
you possess the encrypting party's public key (and that's the whole
point of public key crypto), you can then be assured the file was
encrypted by that party and that its contents have not been altered in
transit. (Assuming the encrypting party's private key remains
private.) Authenticity.
With SFTP, you don't get that. You get a file transport that's
private. And you can validate the SFTP server's identity because you
(probably) possess its private key. But you have no assurance the
SFTP server wasn't malicious unlees you have a separate mechanism for
verifying your files' authenticity. Which is what a file like
https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.17.sign does for
you.
Perhaps that's what your security guys are after. Perhaps not. Hard
to say unless their policy docs have a rationale statement for each
policy. Heck, _they_ probably don't know themselves. :)
- Aaron
More information about the clue
mailing list