Endpoint Encryption

  • 1.  Can I create separate signed and encrypted PGP files?

    Posted Jan 28, 2013 03:27 AM

    Hello all,

    Here's the situation I have. I have external parties who are supposed to PGP sign/encrypt files sent to us. When we receive the signed/encrypted files, we will perform the signature verify checks, and if ok, save the file for processing. We are also required to save JUST the signed copy of the file.

    To allow the above, I could only think of at the sending end, the following steps:

    1) pgp --sign file --signer A --passphrase **** --output file.signed

    2) pgp --encrypt file.signed -r B --output file.signed.enc

    On the receiver end:

    3) pgp --decrypt file.signed.enc --passphrase **** --output Receive_file.signed

    4) pgp --verify Receive_file.signed

    But the problem is, step (4) does not allow me to output the file. It just tells me the suggested output file name is ...

    Is there a way to make step (4) output the original file contents if the signature is good?

    Thanks!



  • 2.  RE: Can I create separate signed and encrypted PGP files?

    Posted Jan 28, 2013 04:43 AM

    Ah, this was similar to your other post that describes the issue in more detail.

    What about moving the file somewhere or renaming?

     

    # Move the file only when pgp reports a good signature
    if pgp --verify Receive_file.signed | grep -qi "3035:good signature"
    then
        mv Receive_file.signed /tmp/Receive_file.verified
    fi
     
    Something like that?


  • 3.  RE: Can I create separate signed and encrypted PGP files?

    Posted Jan 28, 2013 05:34 AM

    Hello Alex,

    Thanks for replying.

    In your approach, the Receive_file.signed or Receive_file.verified would be the original file contents with an embedded signature. How can I extract the original contents from a signed file?

     



  • 4.  RE: Can I create separate signed and encrypted PGP files?

    Posted Jan 28, 2013 06:42 AM

    So you want to be able to remove all the PGP bits so the original email contents remain, is that right?  Or am I way off?



  • 5.  RE: Can I create separate signed and encrypted PGP files?

    Posted Jan 28, 2013 08:28 PM

    Yes, Alex. I want to be able to extract the original contents after the signature is successfully verified.

    Based on the workflow I described, the output of the decryption would be the signed original file. But I was not able to extract the original contents from this file.

    Our intention is to keep a copy of the signed file for future verification. If we keep the signed/encrypted file, then we may have to archive the PGP private key in the event we need to decrypt on a future date when the private key has been renewed.

     



  • 6.  RE: Can I create separate signed and encrypted PGP files?

    Posted Jan 29, 2013 03:45 AM

    Like the other post with a similar scenario, you can use --decrypt to extract the file content.  This is purely for archival purposes of other people searching the Symantec forums :)
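
The receiver-side flow discussed in this thread (decrypt, verify, keep the signed-only copy, then extract the contents with --decrypt as reply 6 suggests), written out as an added example; it is not code from any of the posters or from the vendor. The function name, the directory variables and RECV_PASSPHRASE are hypothetical, and the status text matched is the one quoted in reply 2.

```shell
#!/bin/sh
# Added example. Hypothetical names: receive_signed, ARCHIVE_DIR, OUT_DIR,
# RECV_PASSPHRASE. Only the pgp options shown in the thread are used.
ARCHIVE_DIR="${ARCHIVE_DIR:-./archive}"   # signed copies kept for later re-verification
OUT_DIR="${OUT_DIR:-./verified}"          # plain contents, written only after a good signature

receive_signed() {
    enc="$1"                               # e.g. file.signed.enc
    base=$(basename "$enc" .enc)           # file.signed
    name=$(basename "$base" .signed)       # file
    work=$(mktemp -d) || return 1
    signed="$work/$base"

    # Step 3: strip the encryption layer; the result is still signed.
    if ! pgp --decrypt "$enc" --passphrase "$RECV_PASSPHRASE" \
             --output "$signed" >/dev/null 2>&1; then
        rm -rf "$work"; return 2
    fi

    # Step 4: verify. The status text is matched as in reply 2; both streams
    # are captured because the page does not say which one pgp reports on.
    status=$(pgp --verify "$signed" 2>&1) || true
    if ! printf '%s\n' "$status" | grep -qi '3035:good signature'; then
        rm -rf "$work"; return 3           # nothing archived, nothing extracted
    fi

    # Keep the signed-only copy, then extract the contents as in reply 6.
    mkdir -p "$ARCHIVE_DIR" "$OUT_DIR" &&
        cp "$signed" "$ARCHIVE_DIR/$base" &&
        pgp --decrypt "$signed" --output "$OUT_DIR/$name" >/dev/null 2>&1
    rc=$?
    rm -rf "$work"
    [ "$rc" -eq 0 ] || return 4
    return 0
}
```

Because the archived copy is signed but not encrypted, it can be re-verified later with only the sender's public key, which is the reason given in post 5 for not archiving the encrypted file.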