  1. #1
    Just Joined!
    Join Date
    Dec 2009
    Posts
    13

    Is GPG my best method of signing files?


    I'm working on a large testing/simulation system that, amongst other responsibilities, must capture live data for later playback. We are looking at security for this system as a secondary measure (we don't think anyone will try to break it, a cracker can't do much harm if he does break it, but we want it secure anyways...so long as it doesn't cost too much time/money).

    Due to the complexity of the capture file, attempting to screen all the data contained within for data injection, buffer overflow, etc. would be difficult, so instead I'm proposing we sign capture files which we generate, then check the signature when playing captures back. If a capture file came from one of our system(s) we will assume it contains only valid data. We would only sign files, not encrypt; we're relying on anonymization to protect secure data from the capture.

    Now that I have described my situation, I have a few questions which I believe should be quick answers for security experts out there.

    1) Is GPG the best system for this? I don't need anything too complicated; we don't even have network access so I don't care about a 'web of trust'. (We would probably leave it up to the sys-admin to install new keys when necessary; it’s not fancy, but I only expect a grand total of two private keys, one for each of 2 systems, to ever exist.)

    2) Are there any .SO out there for compiling GPG directly into a C/C++ application?

    3) Can anyone give me an idea of the time frame it takes to encrypt/decrypt a large file with GPG?

    4) Am I correct when I assume that checking a file signature would also check for file corruption in much the same way that using an MD5 checksum would?

    5) Have I made any “god this man is an idiot” mistakes that would mean my proposed solution won’t even work?

    All answers are appreciated. Thank you.

  2. #2
    Just Joined!
    Join Date
    Apr 2010
    Location
    Ankara
    Posts
    10
    GPG is the best, but gnupg, which is a full replacement of GPG, is generally used in applications. I suggest this library. It conforms to the RFC 4880 standard. If this standard is suitable for your requirements, use it, or search for another.
    MD5 is just one supported algorithm under GPG. Other algorithms are also supported by gnupg, such as DSA, RSA, AES, SHA1, etc.
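
The sign-then-verify-on-playback scheme from the question, sketched as an added example that is not part of either post: a detached signature per capture, and a playback check that accepts only signatures from the two capture systems' keys rather than from any key in the keyring. The fingerprints, the `.sig` suffix and the function names are assumptions; a corrupted or altered capture produces `BADSIG` and is rejected.

```shell
#!/bin/sh
# Added example. Fingerprints below are constructed placeholders; replace them
# with the primary-key fingerprints of the two capture systems.
TRUSTED_FPRS="AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB"

# Capture side: write a detached signature next to the capture file.
#   $1 = capture file, $2 = fingerprint of this system's signing key
sign_capture() {
    gpg --batch --yes --local-user "$2" --output "$1.sig" --detach-sign "$1"
}

# Read `gpg --status-fd` lines on stdin. Succeed only if there is exactly one
# valid signature, it comes from an allow-listed key, and gpg reported no
# bad, erroneous, expired or revoked-key status for it.
status_is_trusted() {
    awk -v allow="$TRUSTED_FPRS" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        # VALIDSIG: field 3 is the signing key fingerprint; the last field is
        # the primary key fingerprint when gpg includes it.
        $2 == "VALIDSIG" { sigs++; if (($3 in ok) || ($NF in ok)) good++ }
        END { exit !(bad == 0 && sigs == 1 && good == 1) }
    '
}

# Playback side: refuse the capture unless its signature checks out.
#   $1 = capture file (expects "$1.sig" beside it)
verify_capture() {
    gpg --batch --no-tty --status-fd 1 --verify "$1.sig" "$1" 2>/dev/null \
        | status_is_trusted
}

# Usage (file name is a placeholder):
#   verify_capture run42.cap && start_playback run42.cap
```

Parsing the machine-readable status lines instead of relying on gpg's exit code is what ties acceptance to specific keys; the keyring on the playback host can then hold other public keys without widening what playback trusts.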
