Decrypting GPG/PGP email messages

Alessandro Bottoni alessandro.bottoni at infinito.it
Sat Sep 3 11:03:36 EDT 2005


Piet van Oostrum wrote:
> What benefit is there in encrypting the messages? It would only prevent
> people intercepting the message from seeing what's inside, but it won't
> give you any additional protection on the server.

You are right. Bad guys can still try to send garbage to my system and, with
some luck, can mess everything up. After reading your message I decided to
add some more control over what the remote user can do and how he can reach
the server:
- a list of allowed users (based on e-mail identity plus OTP, see below)
- a list of allowed commands (still with root-level ones, I'm afraid)
- chroot for the most dangerous commands, when possible
It is still dangerous but, frankly, I could not do any better.

> And if somebody can intercept the messages there is a much bigger danger:
> They could save the message and replay it later. You can't protect against
> this with encryption (well, with encryption they won't know what they
> are doing). Neither with a digital signature. Only checking timestamps,
> keeping track of the messages received and/or a challenge/response system
> will help in this case.

You are right again. As a consequence, I decided to add a one-time-password
to the encrypted message, in order to be sure of the sender identity and of
the uniqueness of the message (the OTP works as a sequence item identifier,
as well).

I'm going to use my own implementation of OTP because the existing mechanisms
are devoted to protecting the remote login channel and cannot be easily
adapted to my weird e-mail-based mechanism. Anyway, I'm going to use a
(encrypted) very long pseudo-random alpha-numeric sequence as an OTP, so it
should be quite safe.

> If you only sign, it will be sufficient, but there is a more complete one
> (including decryption) in
> http://trac.t7a.org/isconf/file/trunk/lib/python/isconf/GPG.py

Thanks for this info. I'm studying it.

-----------------------------------
Alessandro Bottoni
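Piet's point that encryption and signatures alone do not stop a replay, and the OTP-plus-sequence scheme Alessandro describes, as an added example that is not part of this thread. It stands in an HMAC for the GPG signature, and the sender address, OTP list, allowed commands and clock values are all constructed for the demonstration.

```python
import hashlib, hmac, json, time

# Constructed stand-in for a GPG signature: HMAC over a canonical body.
KEY = b"constructed-demo-key"
MAX_SKEW = 300  # seconds; older messages are treated as stale

def sign(body: dict) -> str:
    canon = json.dumps(body, sort_keys=True).encode()
    return hmac.new(KEY, canon, hashlib.sha256).hexdigest()

class ReplayGuard:
    """Accepts a signed command only once: OTP consumed, sequence strictly
    increasing, timestamp within a window. A valid signature alone is not enough."""
    def __init__(self, allowed_otps: dict, allowed_cmds: set, now=time.time):
        self.unused = {u: set(t) for u, t in allowed_otps.items()}  # per-user OTPs
        self.last_seq = {u: 0 for u in allowed_otps}
        self.allowed_cmds = allowed_cmds
        self.now = now

    def check(self, msg: dict) -> str:
        body = msg["body"]
        if not hmac.compare_digest(sign(body), msg["sig"]):
            return "reject: bad signature"
        user = body["from"]
        if user not in self.unused:
            return "reject: unknown sender"
        if body["cmd"] not in self.allowed_cmds:
            return "reject: command not allowed"
        if abs(self.now() - body["ts"]) > MAX_SKEW:
            return "reject: stale timestamp"
        if body["seq"] <= self.last_seq[user]:
            return "reject: sequence number reused"
        if body["otp"] not in self.unused[user]:
            return "reject: OTP unknown or already used"
        self.unused[user].discard(body["otp"])  # burn the OTP
        self.last_seq[user] = body["seq"]
        return "accept"

def demo() -> list:
    clock = [1_000_000]  # constructed clock so the run is deterministic
    guard = ReplayGuard({"alice@example.invalid": ["tok-1", "tok-2"]},
                        {"df", "uptime"}, now=lambda: clock[0])
    body = {"from": "alice@example.invalid", "cmd": "df",
            "ts": clock[0], "seq": 1, "otp": "tok-1"}
    msg = {"body": body, "sig": sign(body)}
    results = [guard.check(msg), guard.check(msg)]  # second delivery = replay
    results.append(guard.check({"body": dict(body, cmd="rm"), "sig": msg["sig"]}))
    clock[0] += 3600  # an hour later, a correctly signed but old message arrives
    late = dict(body, seq=2, otp="tok-2")
    results.append(guard.check({"body": late, "sig": sign(late)}))
    return results
```

Run `demo()` to see one accept followed by three distinct rejections (replay, tampering, stale timestamp).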
