pgp to use with linux ftp server - PGP


  1. pgp to use with linux ftp server

    I'm trying to set up an ftp server on Linux Enterprise 3 using vsftp. The
    ftp part is fine, it's just that now different companies want to send/get
    files using pgp (they don't support sftp). I started out with just one user
    and user directory and made a key, etc. Now there are other companies that
    want to use different signons and asking me to send them a pgp key. I
    installed gnupg but have no experience with it. How does this work? A key
    for each user? I keep hearing about a key ring, but what user should you be
    to generate these keys? root? The original user I set up and just import
    the keys I'm making for the other users? I want to start on the right track
    but don't know what direction to take.




  2. Re: pgp to use with linux ftp server


    Robin wrote:
    > I'm trying to set up an ftp server on Linux Enterprise 3 using vsftp. The
    > ftp part is fine, it's just that now different companies want to send/get
    > files using pgp (they don't support sftp). I started out with just one user
    > and user directory and made a key, etc. Now there are other companies that
    > want to use different signons and asking me to send them a pgp key. I
    > installed gnupg but have no experience with it. How does this work? A key
    > for each user? I keep hearing about a key ring, but what user should you be
    > to generate these keys? root? The original user I set up and just import
    > the keys I'm making for the other users? I want to start on the right track
    > but don't know what direction to take.



  3. Re: pgp to use with linux ftp server

    Hi,
    I am also trying to use pgp with vsftp server
    but failed.
    Can you tell me the procedure to set it up?
    Bye


  4. Re: pgp to use with linux ftp server

    Robin wrote:
    >I'm trying to set up an ftp server on Linux Enterprise 3 using vsftp. The
    >ftp part is fine, it's just that now different companies want to send/get
    >files using pgp (they don't support sftp). I started out with just one user
    >and user directory and made a key, etc. Now there are other companies that
    >want to use different signons and asking me to send them a pgp key. I
    >installed gnupg but have no experience with it. How does this work? A key
    >for each user? I keep hearing about a key ring, but what user should you be
    >to generate these keys? root? The original user I set up and just import
    >the keys I'm making for the other users?


    In the first place, the recipients should be creating their own keys, if
    you're using public key encryption. If you're using symmetric encryption,
    there is no keyring required and you generate and distribute a key that is
    shared between you and the recipient.

    Have you considered using a password protected directory on a secure web
    server (HTTPS)? The Recipient(s) could just use a browser to download the
    data using 128bit SSL/TLS. No special client side software needed, no PGP
    needed. But you will need to closely monitor server configuration and
    access to this directory. I would recommend a server just for this
    function. Unless you anticipate having hundreds of simultaneous downloads
    of gigabyte+ sized files, any PIII or better box with at least 256MB RAM
    should be able to handle this mission easily. You can generate your own
    SSL key or buy one from Verisign. If you generate your own, you'll need to
    tell the Recipient(s) to import it into their browser (procedure varies
    based on browser and OS).

    If you do the encryption on the *nix box using GnuPG, it doesn't really
    matter what user you are as long as that user has access to copy files into
    the download directory. I recommend against working as root since it's not
    necessary for this.

    >I want to start on the right track
    >but don't know what direction to take.


    1. Recipient gets PGP or GnuPG and generates a key pair.

    2. Recipient sends the Sender their public key.

    3. Sender(s) add recipient's public key to their keyring.

    4. Sender encrypts the file, specifying the public key of the recipient(s).
    Optionally, Sender could also sign the file so that Recipient can verify
    that the download was not corrupted and that the file had not been altered
    since it was signed by Sender.

    5. Sender places the encrypted file on an FTP or Web server where
    Recipient(s) can retrieve it.

    6. Recipient downloads the encrypted file and decrypts it using PGP/GnuPG.
    If the file was signed, PGP/GnuPG will automatically verify file integrity
    too.

    You can encrypt the file for multiple recipients by specifying more than
    one recipient during the encryption process. Basically, PGP/GnuPG public
    key encryption works like this:

    1. PGP generates a key just for this data session.

    2. PGP compresses and encrypts the data using this session key.

    3. PGP encrypts the session key once per recipient, using each recipient's
    public key. It adds the encrypted session key to the beginning of the
    encrypted output data. So the output data only gets slightly larger for
    each additional recipient. The session key can only be recovered using the
    secret key that matches the public key used during encryption. Since only
    the recipient has this private key, only the recipient can decrypt the
    session key and use it to decrypt the data.

    4. The recipient's PGP looks through the data header for a Key ID that
    belongs to the recipient (Key ID matches a key on the recipient's secret
    keyring).

    5. PGP uses the matching secret key to decrypt the session key, then uses
    the session key to decrypt the data.

    --
    Tony
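
The per-recipient session-key header described in steps 3 and 4 of the last post can be read without any secret key, which lets the sender confirm who a file is encrypted to before placing it on the FTP server. The following is an added example, not part of the thread: a reader for the Public-Key Encrypted Session Key packets defined in RFC 4880, run over a constructed byte string. The function names, key IDs and sample bytes are made up for illustration.

```python
PKESK_TAG = 1  # Public-Key Encrypted Session Key packet (RFC 4880, section 5.1)

def _header(data, pos):
    """Return (tag, body_start, body_len); body_len is None if not fixed."""
    first = data[pos]
    if not first & 0x80:
        raise ValueError("not binary OpenPGP data; dearmor ASCII armor first")
    if first & 0x40:                                  # new-format header
        tag, o1 = first & 0x3F, data[pos + 1]
        if o1 < 192:
            return tag, pos + 2, o1
        if o1 < 224:
            return tag, pos + 3, ((o1 - 192) << 8) + data[pos + 2] + 192
        if o1 == 255:
            return tag, pos + 6, int.from_bytes(data[pos + 2:pos + 6], "big")
        return tag, pos + 2, None                     # partial body length
    tag, ltype = (first >> 2) & 0x0F, first & 0x03    # old-format header
    if ltype == 3:
        return tag, pos + 1, None                     # indeterminate length
    size = (1, 2, 4)[ltype]
    return tag, pos + 1 + size, int.from_bytes(data[pos + 1:pos + 1 + size], "big")

def recipient_key_ids(data):
    """Key IDs (hex) from the PKESK packets that precede the encrypted data."""
    ids, pos = [], 0
    while pos < len(data):
        tag, start, length = _header(data, pos)
        if tag != PKESK_TAG:
            break                                     # reached the data packet
        body = data[start:start + (length or 0)]
        if len(body) != length or len(body) < 10 or body[0] != 3:
            raise ValueError("truncated or non-version-3 PKESK packet")
        ids.append(body[1:9].hex().upper())           # all zeros = ID withheld
        pos = start + length
    return ids

def unexpected_recipients(data, allowed):
    """Key IDs in the file that are not on the allow-list for this partner."""
    return [k for k in recipient_key_ids(data) if k not in allowed]

# Constructed sample: version, key ID, algorithm 1 (RSA), one tiny filler MPI.
def _pkesk_body(key_id_hex):
    return b"\x03" + bytes.fromhex(key_id_hex) + b"\x01" + b"\x00\x08\xff"

# Two recipients (old- and new-format headers), then an encrypted data packet.
SAMPLE = (b"\x84\x0d" + _pkesk_body("1111222233334444")
          + b"\xc1\x0d" + _pkesk_body("AAAABBBBCCCCDDDD")
          + b"\xd2\xe4" + b"\x00" * 16)
```

For a real file, `gpg --list-packets` prints the same packet information.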
