[clue] Securing data in transit/at rest.

Aaron D. Johnson adj at fnord.greeley.co.us
Mon Nov 10 21:19:39 MST 2014


David L. Anselmi writes:
> So you mean a combination of integrity and sender's identity.  I
> agree that encryption provides integrity (as well as
> confidentiality).  I don't think it provides sender's identity.

Well, let's try this out.  Say you want to send me some top secret
bits.  

  # make top secret bits.
  dd if=/dev/urandom bs=1024 count=1024 of=topsecretbits
  # encrypt the top secret bits and destroy the evidence
  gpg -se -r aaron@fnord.greeley.co.us topsecretbits &&
    shred -u topsecretbits
  # Send 'em to Aaron
  echo put topsecretbits.gpg |
    sftp davesdropboxaccount@secretxfersite.fnord.greeley.co.us

GPG up there encrypted the file with my public key and signed the
encrypted file with your private key.  Its contents are confidential;
only my private key can decrypt it.  And I can rest assured it came
from you -- I have your public key and will be verifying the
signature.

> But I think that SFTP provides confidentiality and integrity just as
> well as file encryption (for the case where the threat is only to
> the data in transit, as I explained in another post).  In addition,
> in some (including my) circumstances SFTP provides sender's identity
> by authenticating the person sending the file.  You can't count on
> that generally but that's my case in this instance.

Given your stated concern with confidentiality and integrity in
transit, _I_ wouldn't have an objection.  But I don't know where your
security guys are coming from.  I can also rest assured that neither
your SSH client nor my SSH server has been tampered with as part of
the signature check.  Though I do have the additional burden of
checking both your and my GPG programs now.

> Yes, so that's my complaint.  Their policy is that files must be
> encrypted before sending via SFTP.  But there's no rationale and if
> I pin them down I'd bet the answer is they don't know.  Or they'll
> agree but stick to their policy because "more is better" or "it
> can't hurt".

Just run it through rot13 before you save it the first time.  Maybe
they'll be happy with that.

And Andrew's solution in the following email is terrific.

Have a good night.

- Aaron
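The point Aaron makes about `gpg -se` (encrypt to the recipient's public key, sign with the sender's private key) can be checked on the receiving end: after decryption, gpg's status output either reports a good signature or it does not. The script below is an added example, not code from the thread; it generates two throwaway keys in a temporary GNUPGHOME (the addresses are constructed placeholders), produces one sign+encrypt file and one encrypt-only file, and shows that only the first one carries a verifiable sender identity. It assumes GnuPG 2.1 or later on the PATH.

```shell
#!/bin/sh
# Added example (not from the original thread): Aaron's "gpg -se" recipe next
# to a plain "gpg -e", plus the receiver-side check that tells them apart.
# Throwaway keys live in a temporary GNUPGHOME, so the real keyring is untouched.
set -eu

WORK=$(mktemp -d)
export GNUPGHOME="$WORK/gnupg"
mkdir -m 700 "$GNUPGHOME"
trap 'gpgconf --kill gpg-agent 2>/dev/null || true; rm -rf "$WORK"' EXIT

SENDER='dave@example.invalid'        # constructed placeholder, the sender
RECIPIENT='aaron@example.invalid'    # constructed placeholder, the recipient

# gpg with the options that keep it non-interactive for this demo:
# unprotected keys (empty passphrase, loopback pinentry) and no trust prompts.
g() {
  gpg --batch --quiet --yes --pinentry-mode loopback --passphrase '' \
      --trust-model always "$@"
}

# One key pair per party: the sender's is used to sign, the recipient's to encrypt.
g --quick-gen-key "$SENDER" default default never
g --quick-gen-key "$RECIPIENT" default default never

printf 'top secret bits\n' > "$WORK/topsecretbits"   # constructed payload

# Aaron's recipe: encrypt to the recipient AND sign with the sender's key.
g --local-user "$SENDER" -r "$RECIPIENT" -se \
  -o "$WORK/signed.gpg" "$WORK/topsecretbits"
# Encryption only: still confidential, but nothing binds it to the sender.
g -r "$RECIPIENT" -e -o "$WORK/unsigned.gpg" "$WORK/topsecretbits"

# Receiver side: decrypt and read gpg's machine-readable status lines on fd 3.
# Prints "signed" only when gpg reports GOODSIG for the file, "unsigned" otherwise.
sender_signature_status() {
  status="$WORK/status.$$"
  g --status-fd 3 -o "$WORK/plain.$$" -d "$1" 3>"$status"
  if grep -q '^\[GNUPG:\] GOODSIG ' "$status"; then
    echo signed
  else
    echo unsigned
  fi
}

echo "signed.gpg:   $(sender_signature_status "$WORK/signed.gpg")"     # signed
echo "unsigned.gpg: $(sender_signature_status "$WORK/unsigned.gpg")"   # unsigned
```

Both files decrypt fine with the recipient's key; the difference is that only the `-se` output yields a GOODSIG line, which is the "sender's identity" property the encrypt-only file lacks.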

