- Join Date
- Dec 2009
Is GPG my best method of signing files?
Due to the complexity of the capture file, attempting to screen all the data contained within for data injection, buffer overflow, etc. would be difficult, so instead I'm proposing we sign capture files which we generate, then check the signature when playing captures back. If a capture file came from one of our system(s) we will assume it contains only valid data. We would only sign files, not encrypt; we're relying on anonymization to protect secure data from the capture.
Now that I've described my situation, I have a few questions which I believe should be quick answers for security experts out there.
1) Is GPG the best system for this? I don't need anything too complicated; we don't even have network access so I don't care about a 'web of trust'. (We would probably leave it up to the sys-admin to install new keys when necessary; it's not fancy, but I only expect a grand total of two private keys, one for each of 2 systems, to ever exist.)
2) Are there any .SO out there for compiling GPG directly into a C/C++ application?
3) Can anyone give me an idea of the time frame it takes to encrypt/decrypt a large file with GPG?
4) Am I correct when I assume that checking a file signature would also check for file corruption in much the same way that using a MD5 checksum would?
5) Have I made any “god this man is an idiot” mistakes that would mean my proposed solution won’t even work?
All answers are appreciated. Thank you.
- Join Date
- Apr 2010
GPG is the best, but gnupg, which is a full replacement of GPG, is generally used in applications. I suggest this library. It conforms to the RFC 4880 standard. If this standard is suitable for your requirements, use it; otherwise search for another.
MD5 is just one of the algorithms supported under GPG. Other algorithms are also supported by gnupg, such as DSA, RSA, AES, SHA1, etc.
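
The sign-then-verify workflow asked about in the thread, as an added example that is not part of either post: it makes a detached signature with the `gpg` command line, installs only the public key on the verifying side, and rejects a file that was changed by one byte or signed by an unexpected key. The function names, user ID, file names and the throwaway keyrings are assumptions made for illustration; GnuPG 2.1.17 or later is assumed.

```shell
# Added example (not from the thread). Function names, the user ID and the
# directory layout are assumptions made for illustration.

# Generate a passphrase-less signing key in keyring dir $1; print its fingerprint.
make_signing_key() {
    GNUPGHOME="$1" gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'capture-signer@example.invalid' ed25519 sign never \
        >/dev/null 2>&1 || return 1
    GNUPGHOME="$1" gpg --batch --with-colons --list-keys 2>/dev/null |
        awk -F: '$1 == "fpr" { print $10; exit }'
}

# Copy only the PUBLIC key from signer keyring $1 into verifier keyring $2
# (the step the sys-admin would do by hand on the playback system).
install_public_key() {
    GNUPGHOME="$1" gpg --batch --export 2>/dev/null |
        GNUPGHOME="$2" gpg --batch --quiet --import >/dev/null 2>&1
}

# Write a detached signature FILE.sig next to capture file $2.
sign_capture() {
    GNUPGHOME="$1" gpg --batch --yes --quiet --pinentry-mode loopback \
        --passphrase '' --detach-sign --output "$2.sig" "$2" 2>/dev/null
}

# Succeed only if $2.sig is a good signature over $2 AND was made by the key
# whose primary fingerprint is $3. Exit status alone is not enough: gpg
# accepts a good signature from any key present in the keyring.
verify_capture() {
    out=$(GNUPGHOME="$1" gpg --batch --status-fd 1 --verify "$2.sig" "$2" 2>/dev/null) || return 1
    printf '%s\n' "$out" |
        awk -v want="$3" '$2 == "VALIDSIG" && $NF == want { ok = 1 } END { exit !ok }'
}

# Constructed data: intact file passes; wrong signer and a 1-byte change fail.
run_demo() {
    work=$(mktemp -d) || return 1
    mkdir -m 700 "$work/signer" "$work/verifier"
    printf 'constructed capture data\n' > "$work/cap.bin"
    fpr=$(make_signing_key "$work/signer") && [ -n "$fpr" ] || return 1
    install_public_key "$work/signer" "$work/verifier" || return 1
    sign_capture "$work/signer" "$work/cap.bin" || return 1
    verify_capture "$work/verifier" "$work/cap.bin" "$fpr" || return 1
    verify_capture "$work/verifier" "$work/cap.bin" "0000" && return 1
    printf 'x' >> "$work/cap.bin"
    verify_capture "$work/verifier" "$work/cap.bin" "$fpr" && return 1
    GNUPGHOME="$work/signer" gpgconf --kill gpg-agent 2>/dev/null; rm -rf "$work"
}
[ "${1:-}" != demo ] || run_demo
```

Run the script with the argument `demo` to execute the end-to-end check; the signature covers a hash of the whole file, so accidental corruption fails verification the same way deliberate modification does.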