On Tue, Sep 13, 2005 at 11:55:38AM +0100, John P. Looney wrote:
> No, it sounds good. But the way I'd do it would be collect public keys
> for from anyone that pays you for the software. Any software release would
> then contain the following;
> The tarball, encrypted with your "release key"
> A tarball of the private parts of the release key, each encrypted with
> the paying users (one per user).
> And maybe a script to unpack it all.
gpg/pgp already provide this. you can encrypt a single file to multiple
keys. the resulting file contains the following:
"key" encrypted with public key 1
"key" encrypted with public key 2
"key" encrypted with public key 3
...
"key" encrypted with public key n
"content" encrypted with symetric cipher using "key"
*however* each time "key" is encrypted it adds several hundred bytes to a
the resulting file. that fails to scale at some point.
kevin
--
Kevin Lyda -=-=-=-=-=- Who do you have to blow to get a
kevin at ie.suberic.net -=-=-=- president impeached around here?!
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
