Mailing List Archive
tlug.jp
Mailing List
tlug archive
tlug Mailing List Archive
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [tlug] search for encrypted information exchange
- Date: Mon, 24 Aug 2009 23:45:51 +0900
- From: Curt Sampson <cjs@example.com>
- Subject: Re: [tlug] search for encrypted information exchange
- References: <20090824125805.GA1466@example.com>
- User-agent: Mutt/1.5.18 (2008-05-17)
On 2009-08-24 14:58 +0200 (Mon), Christian Horn wrote:
> i am looking for a solution to exchange informations/files among
> some sysadmins, meeting these requirements:
> ...
> - the data should be transmitted encrypted
> - the server hosting the data should not be trusted
If you don't trust the server hosting the data, you must have it
encrypted when it leaves the client machine, and remain encrypted
through until it's landed on another client machine. Therefore there's
no needs for SSL, TLS, ssh, or any other similar things; though it won't
hurt to use any of these as transfer mechanisms, you should not do any
extra work to set those up.
At Starling we use individual PGP-encrypted-and-signed files, and ship
them around via subversion. Subversion is probably preferred to git
for this sort of thing because you very definitely want to minimize
conflicts.
We have a bit of code for vim that, when we open an encrypted file, will
turn off all swapping for that file and then filter it through "gpg
--decrypt" when loading and "gpg --encrypted" when saving. You must
be careful to make sure that if the file was encrypted under multiple
IDs, you re-encrypt it under those same IDs after editing. I have a new
version of this script from someone else that helps deal with this,
though I've not had a chance to test it, but ping me if you want a copy.
This should work fine under Windows with the Windows version of gnupg.
The most important thing when doing this is to make sure that you stay
up to date, and make your changes quickly and commit them immediately.
Failing this, you need to merge.
Merging is a bit of a pain: you need to throw away the conflicting
version, load up the two versions that conflict, manually merge the two,
and then commit the new merged version. Good communication is essential,
lest another commit create a further conflict whilst you're doing this.
Better for this sort of thing would be some sort of transactional system
where individual transactions were signed and encrypted. I don't know of
any systems that do this, but if you find one, I'd like to hear about it.
cjs
--
Curt Sampson <cjs@example.com> +81 90 7737 2974
Functional programming in all senses of the word:
http://www.starling-software.com
- Follow-Ups:
- Re: [tlug] search for encrypted information exchange
- From: Stephen J. Turnbull
- Re: [tlug] search for encrypted information exchange
- From: Francois Cartegnie
- Re: [tlug] search for encrypted information exchange
- References:
- [tlug] search for encrypted information exchange
- From: Christian Horn
- [tlug] search for encrypted information exchange
- Prev by Date: [tlug] search for encrypted information exchange
- Next by Date: Re: [tlug] search for encrypted information exchange
- Previous by thread: [tlug] search for encrypted information exchange
- Next by thread: Re: [tlug] search for encrypted information exchange
- Index(es):
| Home Page | Mailing List | Linux and Japan | TLUG Members | Links |