?
Solved

pgp encryption

Posted on 2006-10-26
3
Medium Priority
?
428 Views
Last Modified: 2010-04-11
Hey all:

Hope you can help with this.  I have a client who just received two emails.  One email has in the body

the phrase is:whateverthephrasewas

and the other had  a file and in it the sender stated:

The file is encrypted in conventional encryption of PGP which would conform with standard HIPAA data encryption.

Basically, the sender sent a file that's encrypted, but we have not shared public keys.  My question is can you decrypt a file using PGP without someone's public key (I'm assuming that's what the conventional PGP means).

Any help on this would be greatly appreciated.

jocasio
0
Comment
Question by:Juan Ocasio
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 1

Accepted Solution

by:
rllynch earned 1000 total points
ID: 17819500
PGP conventional mode refers to password based encryption.  It doesn't need public/private keys.  If you run pgp on the encrypted file, it should prompt you for the password (from the first email), and decrypt the file for you.
0
 
LVL 1

Expert Comment

by:rllynch
ID: 17819557
As an aside, using PGP in this way isn't secure at all.  Anyone that could get their hands on both emails could decrypt the file.  It would be better for your client to generate a public + private key, send the public key to the sender of the file, and have the sender encrypt the file using your client's public key.  That way, any eavesdroppers would be unable to decrypt the file.  Or if they insist on using password based encryption, communicate the password using some other means besides email (phone, fax, snail mail, etc.).
0
 
LVL 14

Author Comment

by:Juan Ocasio
ID: 17819836
Thanks rllynch:

Yes.  I kinda figured it out.  I also think they are using GnuPGP.  Thanks for the post.

jocasio
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this blog we highlight approaches to managed security as a service.  We also look into ConnectWise’s value in aiding MSPs’ security management and indicate why critical alerting is a necessary integration.
Make the most of your online learning experience.
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question