Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I have implemented GnuPG on my shopping cart. The cart is sending the message out correctly but I am unable to decrypt the message. This is a standard feature that comes with the cart so I am confident the message is being sent encrypted.
My question, is there a way to send the message out where it self decrypts when downloaded? I receive these emails and I then forward them to another user that then places the orders.
I have read all the forums I can find, the gnu site and many of the how to guides too. I have seen this demonstrated when I enrolled on the cyber alert email list from Homeland Security. They send it out GnuPG encrypted and when I open the email it is decrypted. I never loaded anything to make that happen. I am presently using Entourage on a Mac.
If need be, I can load a plugin but the other person is on an IBM PC and the
company won't permit any software to be loaded on their system. They have OE 6 they use for an email client.
Please tell me how GnuPG needs to be setup and anything else I need to get this application working.
I really need some direction so I can get my cart implemented.
If the file is being encrypted with GnuPG, you just need to use GnuPG and the appropriate decryption key to decrypt it. What is your definition of "self-decrypts"? There is a thunderbird plugin called enigmail that can open GPG emails for you.
I am using a Mac with Entourage and when I signed up with cyber alerts I received the following email without installing anything on my system:
***********
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
National Cyber Alert System
Cyber Security Alert SA05-221A archive
Microsoft Windows and Internet Explorer Vulnerabilities
Original release date: August 9, 2005
Last revised: --
Source: US-CERT
Systems Affected
* Microsoft Windows
* Microsoft Internet Explorer
For more complete information, refer to the Microsoft Security
Bulletin Summary for August, 2005.
Overview
Microsoft has released updates that address critical
vulnerabilities in Windows and Internet Explorer.
Solution
Apply Updates
Microsoft has released security updates for Windows and Internet
Explorer. To obtain the updates, visit the Microsoft Update web
site. US-CERT also recommends enabling Automatic Updates.
Description
Microsoft Security Bulletins for August, 2005 address
vulnerabilities in Windows and Internet Explorer. These
vulnerabilities may allow an attacker to take control of your
computer or cause it to crash. For more technical information, see
US-CERT Technical Cyber Security Alert TA05-221A.
References
* Microsoft Security Bulletin Summary for August, 2005 -
<http://www.microsoft.com/technet/security/bulletin/ms05-aug.mspx>
So, I was hoping there was a way to send an encrypted message and then when it is downloaded it would be decrypted. The place where I need to send the encrypted emails won't permit any software to be installed on their system. If need be though, I am sure the key could be loaded into their OE 6 mail client.
This was what I was hoping for. If not, are there any other suggestions given the parameters I have outlined?
First off, the email you get from CERT is not encrypted, it's signed.
Secondly, you have to have some sort of decrypting software and key to decrypt an encrypted email or file. Can you decrypt the files locally? What key is the shopping cart system configured to encrypt with and to?
I have the matching private key so where do I put it to decrypt it. I have access to an OE 6 mail client will that do it? Or, I have access to a Mac Entourage email client.
I have both key blocks so when I know where to put it I should be able to proceed.
I went into SSH and typed in gpg --import and now it is 24 minutes later and it still looks like this:
********************
Changes to system files may affect your warranty and
discharge Ensim from any further obligation to provide
customer with warranty services or support hereunder
*********************************************************
[root@sv1 root]# gpg --import
It is never coming back with the pound sign so I suspect something is wrong. Should it take this long?
That worked and I had installed some plugin for Entourage and using the plugin it now works. Seems I had to load gpg to the Mac and import the keys before it could work.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.