On Tue, Sep 13, 2005 at 11:55:38AM +0100, John P. Looney wrote:
> No, it sounds good. But the way I'd do it would be collect public keys
> from anyone that pays you for the software. Any software release would
> then contain the following;
> The tarball, encrypted with your "release key"
> A tarball of the private parts of the release key, each encrypted with
> the paying users (one per user).
> And maybe a script to unpack it all.
Which, unfortunately, won't stop the release key getting out into the
wild, unless each release uses a different key. Of course - even this
won't prevent the release key getting into the wild for a particular
release.
Essentially - once a user decrypts your release-key using his key,
there's the potential that it gets into the wild. This method will
quickly head into "security through obscurity" which is probably not
what you want.
I'd be leaning towards some flavour of gpg encrypted/signed call-home
registration method. Registration script to encrypt to your public
release-key a message which is signed by the users' key. To which the
server replies with a decrypt-key encrypted to the user-key. The script
would only store the decrypt-key in memory, avoiding most of the vectors
for its getting out into the wild.
Of course, the registration server would only respond to requests signed
by recognised users' keys.
P
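
The call-home exchange described in the reply above, sketched with GnuPG 2.2+ as an added example that is not part of the original message. The party names, `example.invalid` addresses, request text and demo key are assumptions, and a "recognised" user is modelled as one whose public key is in the server's keyring.

```shell
#!/bin/sh
# Added example, not from the thread. Needs GnuPG 2.2+. Party names, addresses
# and the demo key are hypothetical; the keys are unprotected throwaways.
set -eu
W=$(mktemp -d)   # one private keyring (homedir) per party
trap 'for p in vendor alice mallory; do gpgconf --homedir "$W/$p" --kill gpg-agent 2>/dev/null || true; done; rm -rf "$W"' EXIT
g() { h=$1; shift; gpg --homedir "$W/$h" --batch --quiet --yes --trust-model always "$@"; }

mkkey() {   # mkkey <party>: signing primary key plus encryption subkey
  mkdir -m 700 "$W/$1"
  g "$1" --pinentry-mode loopback --passphrase '' \
    --quick-generate-key "$1@example.invalid" future-default default never
}
for p in vendor alice mallory; do mkkey "$p"; done

# Out-of-band key exchange: every client gets the release public key, but the
# vendor imports ONLY paying users' keys (alice pays, mallory does not).
g vendor --export vendor@example.invalid > "$W/release.pub"
g alice --import "$W/release.pub"
g mallory --import "$W/release.pub"
g alice --export alice@example.invalid | g vendor --import

# Client: request signed by the user's key, encrypted to the release key.
make_request() {   # make_request <user>  -> request on stdout
  echo "register $1 release-1.0" | g "$1" -r vendor@example.invalid --sign --encrypt
}

# Server: reply only when the signature verifies against a key it already holds.
server_reply() {   # server_reply <request-file> <decrypt-key>  -> reply on stdout
  fpr=$(g vendor --status-fd 1 -o /dev/null --decrypt "$1" 2>/dev/null |
        awk '$2 == "VALIDSIG" { print $NF }')   # last field: primary key fingerprint
  [ -n "$fpr" ] || { echo "refused: signer not recognised" >&2; return 1; }
  printf '%s' "$2" | g vendor -r "$fpr" --encrypt   # readable by that user only
}

# Client: decrypt the reply from stdin; the caller keeps it in a variable, not a file.
receive_key() { g "$1" --decrypt 2>/dev/null; }   # receive_key <user> < reply

make_request alice > "$W/req"
key=$(server_reply "$W/req" demo-decrypt-key | receive_key alice)
echo "alice: key received, held in a variable only (${#key} chars)"
make_request mallory > "$W/req"
server_reply "$W/req" demo-decrypt-key > /dev/null || echo "mallory: no key issued"
```
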