General Security Question
|
View:
New views
3 Messages
—
Rating Filter:
Alert me
|
 |
General Security Question
by Timo Meinen-5
::
Rate this Message:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1 Dear developers and users of Anubis, I successfully installed Anubis and it signs every outgoing mail of me (like you can see at the end of this mail :-) with my GPG key. But I have a general security question. Perhaps I didn't understand the system correctly or perhaps I am using a wrong configuration, so please explain the following to me: GPG provides a mechanism to be absolutly sure, that a signed message was written by the person who has the corresoponding key. To secure the private key it is normally enrypted with a passphrase, which only the one identity should know. Using Anubis, I am supposed to write my passphrase in a database on the Anubis-computer. And in this database it is written in plaintext. So, at least the root user of this system is able to read all the GPG passphrases of the users using this Anubis installation. I would prefer to keep the GPG passphrase only in my mind and not in plaintext on any server. The second problem I see is, that a person who is able to log into the Anubis SMTP Relay, may write messages and let Anubis sign it with MY key. Is there another possibility to let Anubs sign my messages but without saving my passphrase on the server? Thank you for your answers Timo Meinen meinen@... - -- Glück Auf -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQFDe6o9eh8+Xr6H+wkRAt6EAJ9/qu+KSQnstFMtsqcicuXV31jjoQCfTA/s M99ruL6drGf/tGea59x0YBs= =svnT -----END PGP SIGNATURE----- _______________________________________________ Bug-anubis mailing list Bug-anubis@... http://lists.gnu.org/mailman/listinfo/bug-anubis |
|
|
Re: General Security Question
by Sergey Poznyakoff
::
Rate this Message:
Hi Timo,
> I successfully installed Anubis and it signs every outgoing mail of me > (like you can see at the end of this mail :-) with my GPG key. Great, I am pleased to hear that. > Using Anubis, I am supposed to write my passphrase in a database on > the Anubis-computer. No, this is not so. Your password, as well as the rest of your configuration settings, is stored in your personal Anubis configuration file (usually $HOME/.anubisrc), which should have the access bits 0600, i.e. only its owner (i.e. you) can read it. Of course, the superuser can read whatever files are on the system. It is normal for any environment. If you don't trust the administrator, you should not use his/her server at all. > The second problem I see is, that a person who is able to log into the > Anubis SMTP Relay, may write messages and let Anubis sign it with MY > key. No, it is not right, either. Before getting access to Anubis services, any user is authenticated first. Successful authentication determines the user identity, basing on which Anubis will select the profile to use for this user. The exact way of authentication depends on the Anubis mode, please refer to the documentation for the detailed discussion (http://www.gnu.org/software/anubis/manual/html_chapter/anubis_4.html#SEC4). This boils down to the same corollary as with any authentication: unless you let someone steal your credentials, you can be sure that only you can use your settings. > Is there another possibility to let Anubs sign my messages but without > saving my passphrase on the server? The only feasible option is to install Anubis on your machine. Then you will have full control over it. Regards, Sergey _______________________________________________ Bug-anubis mailing list Bug-anubis@... http://lists.gnu.org/mailman/listinfo/bug-anubis |
|
|
Re: General Security Question
by Timo Meinen-5
::
Rate this Message:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1 Hi Sergey, thanks for your quick response. > If you don't trust the administrator, you > should not use his/her server at all. Ok under this condition it is ok to use Anubis on the server. And in my case I am the administrator so I will use it further on. :-) > unless > you let someone steal your credentials, you can be sure that only you > can use your settings. Of course that's true. I now map the user to the local user on the server and it works just fine. And for authentication I am usign Cram-MD5. So, I am happy that I can still use Anubis. :-) Thank you Timo Meinen -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQFDfceeeh8+Xr6H+wkRAuafAJ4lD4wqSaBRPJ4xA6C5CTb+plFADQCfTjXJ VuCWF1+SFfh3F/4OGCwd2ZE= =x2Vl -----END PGP SIGNATURE----- _______________________________________________ Bug-anubis mailing list Bug-anubis@... http://lists.gnu.org/mailman/listinfo/bug-anubis |
| Free embeddable forum powered by Nabble | Forum Help |
