[ale] emailing public dsa key (good, bad or ugly?)
Joe Knapka
jknapka at kneuro.net
Thu Jan 26 00:19:20 EST 2006
Sid Lane wrote:
> hey,
>
> I am in the process of setting up an automated file transfer to an
> external vendor who has agreed to scp over ssh2 but is asking me to
> email the public key to them.
>
> is there any risk in doing this via email? I understand the basic
> principles of asymetric cryptography and that it shouldn't be possible
> to decrypt w/the public key.
Sure it is. You can decrypt any message encrypted with the private key.
>
> I was just wondering if there are any attacks/exploits that knowing it
> make easier. FWIW, box that will be pushing to them is behind (a
> couple of) firewall(s) so nothing in the wild should even be able to
> attempt to initiate an ssh (or anything else for that matter) to it.
Wait... *You* will be sending data to *them*? In that case, you need
*their* public key,
not the other way around. The public key is the one you encrypt with if
you want your
message to stay private; the private key is the one you encrypt with if
you want the
receiver to be able to verify your identity.
Cheers,
-- JK
> what say ye all? o.k. to email or scp it w/password for now.
>
>------------------------------------------------------------------------
>
>_______________________________________________
>Ale mailing list
>Ale at ale.org
>http://www.ale.org/mailman/listinfo/ale
>
More information about the Ale
mailing list