Re: File encryption

From: Randy Kramer (rhkramer@fast.net)
Date: Mon Sep 23 2002 - 11:39:42 EDT

  • Next message: Michael Ward Cole: "Abiword and en US Dictionary"

    On Monday 23 September 2002 08:12 am, F J Franklin wrote:
    > I don't think so. On the subject, what types of encryption would you
    > consider appropriate/sufficient/adequate? In the case of
    > public/private key encryption, how should AbiWord handle it (if/when
    > it does)?
    >
    > A thought: encrypting on export with author's private key, with a
    > URL for the author's public key - which gets loaded automatically on
    > import? Optionally vice versa. (Need to check the W3C's encryption
    > standard.)
    >

    Interesting -- what you describe it the way to authenticate (that is,
    guarantee that what is read was written by the purported author) --
    however, it does nothing for keeping the contents a secret -- anyone
    with the author's public key can read it -- so I would say this is
    definitely backwards for that purpose. There is probably a need to
    support several possibilities:

    For authentication:
       * encrypt with the author's private key -- anybody can view contents
    with author's public key, but if the author's public key has been
    properly "safeguarded / authenticated" you can be sure it was written
    by the author

    For personal secrecy:
       * encrypt with the author's public key -- only the author can read
    it (using his private key)

    For "transactional" secrecy:
       * encrypt with the addressee's public key -- only the addressessee
    can read it (using his private key)

    And, if you are sending a secret to multiple addressees, I'm sure there
    is a way to handle it, but we should learn what it is -- having several
    different encryptions of the same message may make it easier to break
    the encryptions (I'm not really sure) -- you may have to do something
    like encrypt it with your private key and then send separate copies
    encrypted with each addressee's public key.

    All of this has been considered "in the literature" and AbiWord should
    conform to the appropriate standards (whatever they are).

    Randy Kramer
    -----------------------------------------------
    To unsubscribe from this list, send a message to
    abiword-user-request@abisource.com with the word
    unsubscribe in the message body.



    This archive was generated by hypermail 2.1.4 : Mon Sep 23 2002 - 11:36:33 EDT