[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ale] emailing public dsa key (good, bad or ugly?)
- Subject: [ale] emailing public dsa key (good, bad or ugly?)
- From: jknapka at kneuro.net (Joe Knapka)
- Date: Wed, 25 Jan 2006 22:19:20 -0700
- In-reply-to: <[email protected]>
- References: <[email protected]>
Sid Lane wrote:
> hey,
>
> I am in the process of setting up an automated file transfer to an
> external vendor who has agreed to scp over ssh2 but is asking me to
> email the public key to them.
>
> is there any risk in doing this via email? I understand the basic
> principles of asymetric cryptography and that it shouldn't be possible
> to decrypt w/the public key.
Sure it is. You can decrypt any message encrypted with the private key.
>
> I was just wondering if there are any attacks/exploits that knowing it
> make easier. FWIW, box that will be pushing to them is behind (a
> couple of) firewall(s) so nothing in the wild should even be able to
> attempt to initiate an ssh (or anything else for that matter) to it.
Wait... *You* will be sending data to *them*? In that case, you need
*their* public key,
not the other way around. The public key is the one you encrypt with if
you want your
message to stay private; the private key is the one you encrypt with if
you want the
receiver to be able to verify your identity.
Cheers,
-- JK
> what say ye all? o.k. to email or scp it w/password for now.
>
>------------------------------------------------------------------------
>
>_______________________________________________
>Ale mailing list
>Ale at ale.org
>http://www.ale.org/mailman/listinfo/ale
>