netbsd-users: Re: easiest way to encrypt a file?

Subject: Re: easiest way to encrypt a file?
To: Jeremy C. Reed <reed@reedmedia.net>
From: Stefan Schumacher <stefan@net-tex.de>
List: netbsd-users
Date: 12/17/2004 20:16:35

--6TrnltStXW4iwmi0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Also sprach Jeremy C. Reed (reed@reedmedia.net)
> I want to place a DSA key file on a server not maintained by myself. It is
> pass-phrase protected, but still I don't want the file used.

Shall the key simply be backuped there or do you want to use (decrypt)
it on the server? If you want to decrypt it there, you don't need
further encryption at all.

> What is the easiest way to encrypt a file with a key to decrypt?

PGP. Or something with RSA support like OpenSSL. But RSA should be
considered insecure with less than 2048 bits today.=20

> I have used zip and pgp and gpg to encrypt files. But what other ways do
> you suggest?

Use PGP/GPG or mcrypt. Forget ZIP.

> Anything in the NetBSD base? (And examples?)

OpenSSL is in base and can:

	o  Creation of RSA, DH and DSA key parameters
	o  Calculation of Message Digests
	o  Encryption and Decryption with Ciphers
	[...]

openssl_rsautl(1) offers some examples.=20

But I use either pkgsrc/security/cfs oder cgd(4) for encrypted
directories/partitions or pkgsrc/security/mcrypt, which offers a lot
of options, including RFC2440 for symmetric encryption of files.


--=20
PostgreSQL at 21. Chaos Communication Congress


https://21c3.ccc.de/wiki/index.php/PostgreSQL

--6TrnltStXW4iwmi0
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (NetBSD)

iD8DBQFBwz6jEfTEHrP7rjMRAgsIAKChpVfcD2pQkeGqJvcNlfka9TzHuwCfbRzT
9ldRr94d1jOnwlbR8/9+5LQ=
=11jr
-----END PGP SIGNATURE-----

--6TrnltStXW4iwmi0--