[ale] emailing public dsa key (good, bad or ugly?)

Michael Hirsch mdhirsch at gmail.com
Wed Jan 25 18:52:03 EST 2006


Why bother?  Why not just send the public key?  Isn't that why it's called
"public"?  It should be safe to publish the key in an newspaper or blog.  Is
there a risk we haven't heard of?

You solution requires him to publish his public GPG key.  Doesn't the same
question apply?

Michael

On 1/25/06, James P. Kinney III <jkinney at localnetsolutions.com> wrote:
>
> Email your GPG ID encrypted with his public key you got from a public
> server. Now he gets you pub key and uses it to email back encrypted with
> your pub key a phrase you used over the phone. This has verified each
> others keys and identities. Now send the ssh key encrypted with his pub
> key by email.
>
> On Wed, 2006-01-25 at 13:58 -0500, Sid Lane wrote:
> > hey,
> >
> > I am in the process of setting up an automated file transfer to an
> > external vendor who has agreed to scp over ssh2 but is asking me to
> > email the public key to them.
> >
> > is there any risk in doing this via email?  I understand the basic
> > principles of asymetric cryptography and that it shouldn't be possible
> > to decrypt w/the public key.
> >
> > I was just wondering if there are any attacks/exploits that knowing it
> > make easier.  FWIW, box that will be pushing to them is behind (a
> > couple of) firewall(s) so nothing in the wild should even be able to
> > attempt to initiate an ssh (or anything else for that matter) to it.
> >
> > what say ye all?  o.k. to email or scp it w/password for now.
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://www.ale.org/mailman/listinfo/ale
> --
> James P. Kinney III          \Changing the mobile computing world/
> CEO & Director of Engineering \          one Linux user         /
> Local Net Solutions,LLC        \           at a time.          /
> 770-493-8244                    \.___________________________./
> http://www.localnetsolutions.com
>
> GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
> <jkinney at localnetsolutions.com>
> Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.1 (GNU/Linux)
>
> iD8DBQBD19SAYZCtw4KcbKcRArP9AJ0Z/UHoDBajoUy1ojHRhnTeCOurWACfV2rU
> I4GL6hUL1YirSELlWaJO2K0=
> =EvQw
> -----END PGP SIGNATURE-----
>
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
>
>
-------------- next part --------------
An HTML attachment was scrubbed...




More information about the Ale mailing list