PGP query with SDA


 
02-25-2009

Hi
I have a requirement to have a script which will encrypt a file on my HP-UX server in such a way that the receiver of the file only has to enter a passphrase to decrypt (no swapping of keys, etc.). Ideally, I want to use some free software to perform the task.

From what I have read so far, the way to do this involves encrypting it using PGP Self Decrypting Archive (SDA) which allows users to send conventionally encrypted files to people who do not have PGP installed.

However, I don't know what tool to use on an HP-UX platform to achieve this. GnuPG might be the way to go, but I don't know if it supports SDA or how successful it is on HP-UX.

All advice welcome
TIA

volume_key(8)                System Manager's Manual                volume_key(8)

NAME
       volume_key - work with volume encryption secrets and escrow packets

SYNOPSIS
       volume_key [OPTION]... OPERAND...

DESCRIPTION
       volume_key extracts "secrets" used for volume encryption (for example
       keys or passphrases) and stores them into separate encrypted "escrow
       packets", uses a previously created escrow packet to restore access to
       a volume (e.g. if the user forgets a passphrase), or manipulates the
       information in escrow packets.

       The mode of operation and operands of volume_key are determined by
       specifying one of the --save, --restore, --setup-volume, --reencrypt,
       --dump or --secrets options. See the OPTIONS sections for details.

OPTIONS
       In all options described below, VOLUME is a LUKS device, not the
       plaintext device contained within:

              blkid -s TYPE VOLUME

       should report TYPE="crypto_LUKS".

       The following options determine the mode of operation and expected
       operands of volume_key:

       --save Expects operands VOLUME [PACKET]. Open VOLUME. If PACKET is
              provided, load the secrets from it. Otherwise, extract secrets
              from VOLUME, prompting the user if necessary. In any case,
              store secrets in one or more output packets.

       --restore
              Expects operands VOLUME PACKET. Open VOLUME and use the secrets
              in PACKET to make VOLUME accessible again, prompting the user
              if necessary (e.g. by letting the user enter a new passphrase).

       --setup-volume
              Expects operands VOLUME PACKET NAME. Open VOLUME and use the
              secrets in PACKET to set up VOLUME for use of the decrypted
              data as NAME. Currently NAME is a name of a dm-crypt volume,
              and this operation makes the decrypted volume available as
              /dev/mapper/NAME. This operation should not permanently alter
              VOLUME (e.g. by adding a new passphrase); the user can of
              course access and modify the decrypted volume, modifying VOLUME
              in the process.

       --reencrypt
              Expects operand PACKET. Open PACKET, decrypting it if
              necessary, and store the information in one or more new output
              packets.

       --dump Expects operand PACKET. Open PACKET, decrypting it if
              necessary, and output the contents of PACKET. The secrets are
              not output by default.

       --secrets
              Expects operand PACKET. Open PACKET, decrypting it if
              necessary, and output secrets contained in PACKET.

       --help Show usage information.

       --version
              Show version of volume_key.

       The following options alter the behavior of the specified operation:

       -b, --batch
              Run in batch mode. Read passwords and passphrases from standard
              input, each terminated by a NUL character. If a packet does not
              match a volume exactly, fail instead of prompting the user.

       -d, --nss-dir DIR
              Use private keys in NSS database in DIR to decrypt public
              key-encrypted packets.

       -o, --output PACKET
              Write the default secret to PACKET. Which secret is the default
              depends on volume format: it should not be likely to expire,
              and it should allow restoring access to the volume using
              --restore.

       --output-data-encryption-key PACKET
              Write the data encryption key (the key directly used to encrypt
              the actual volume data) to PACKET.

       --output-passphrase PACKET
              Write a passphrase that can be used to access the volume to
              PACKET.

       --create-random-passphrase PACKET
              Generate a random alphanumeric passphrase, add it to VOLUME
              (without affecting other passphrases) and store the random
              passphrase into PACKET.

       -c, --certificate CERT
              Load a certificate from the file specified by CERT and encrypt
              all output packets using the public key contained in the
              certificate. If this option is not specified, all output
              packets are encrypted using a passphrase. Note that CERT is a
              certificate file name, not a NSS certificate nickname.

       --output-format FORMAT
              Use FORMAT for all output packets. FORMAT can currently be one
              of asymmetric (use CMS to encrypt the whole packet, requires a
              certificate), asymmetric_wrap_secret_only (wrap only the
              secret, requires a certificate), passphrase (use GPG to encrypt
              the whole packet, requires a passphrase).

       --unencrypted
              Only dump the unencrypted parts of the packet, if any, with
              --dump. Do not require any passphrase or private key access.

       --with-secrets
              Include secrets in the output of --dump

EXIT STATUS
       volume_key returns with exit status 0 on success, 1 on error.

NOTES
       The only currently supported volume format is LUKS.

EXAMPLE
       Typical usage of volume_key proceeds as follows. During system
       installation or soon after, back up the default secret of a volume,
       and add a system-specific random passphrase. Encrypt both using a
       certificate:

              volume_key --save VOLUME -c CERT -o PACKET_DEFAULT --create-random-passphrase PACKET_PASSPHRASE

       Store PACKET_DEFAULT and PACKET_PASSPHRASE outside of the computer.

       If the user forgets a passphrase, and you can access the computer,
       decrypt PACKET_DEFAULT using the certificate private key (which should
       never leave a secure machine):

              volume_key --reencrypt -d NSS_DB PACKET_DEFAULT -o PACKET_DEFAULT_PW

       Then boot the computer (e.g. using a "rescue mode"), copy
       PACKET_DEFAULT_PW to it, and restore access to the volume:

              volume_key --restore VOLUME PACKET_DEFAULT_PW

       If the user forgets the passphrase, and you cannot access the
       computer, decrypt the backup passphrase:

              volume_key --secrets PACKET_PASSPHRASE

       and tell the backup passphrase to the user. (You can later generate a
       new backup passphrase.)

volume_key                          Jun 2011                        volume_key(8)