[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

pgp encryption

Posted on 2006-10-26
3
Medium Priority
?
434 Views
Last Modified: 2010-04-11
Hey all:

Hope you can help with this.  I have a client who just received two emails.  One email has in the body

the phrase is:whateverthephrasewas

and the other had  a file and in it the sender stated:

The file is encrypted in conventional encryption of PGP which would conform with standard HIPAA data encryption.

Basically, the sender sent a file that's encrypted, but we have not shared public keys.  My question is can you decrypt a file using PGP without someone's public key (I'm assuming that's what the conventional PGP means).

Any help on this would be greatly appreciated.

jocasio
0
Comment
Question by:Juan Ocasio
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 1

Accepted Solution

by:
rllynch earned 1000 total points
ID: 17819500
PGP conventional mode refers to password based encryption.  It doesn't need public/private keys.  If you run pgp on the encrypted file, it should prompt you for the password (from the first email), and decrypt the file for you.
0
 
LVL 1

Expert Comment

by:rllynch
ID: 17819557
As an aside, using PGP in this way isn't secure at all.  Anyone that could get their hands on both emails could decrypt the file.  It would be better for your client to generate a public + private key, send the public key to the sender of the file, and have the sender encrypt the file using your client's public key.  That way, any eavesdroppers would be unable to decrypt the file.  Or if they insist on using password based encryption, communicate the password using some other means besides email (phone, fax, snail mail, etc.).
0
 
LVL 15

Author Comment

by:Juan Ocasio
ID: 17819836
Thanks rllynch:

Yes.  I kinda figured it out.  I also think they are using GnuPGP.  Thanks for the post.

jocasio
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The well known Cerber ransomware continues to spread this summer through spear phishing email campaigns targeting enterprises. Learn how it easily bypasses traditional defenses - and what you can do to protect your data.
What we learned in Webroot's webinar on multi-vector protection.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question