Simpler Navigation for Servers and Operating Systems - Please Update Your Bookmarks
Completed: a much simpler Servers and Operating Systems section of the Community. We combined many of the older boards, so you won't have to click through so many levels to get at the information you need. Check the consolidated boards here as many sub-forums are now single boards.
If you have bookmarked forums or discussion boards in Servers and Operating Systems, we suggest you check and update them as needed.
cancel
Showing results for 
Search instead for 
Did you mean: 

Data CD/DVD Encription

Nahmad_1
Advisor

Data CD/DVD Encription

Hi There

We need to send a very secure data CD/DVD to the remote sites and are looking for the best encription way to protect that data.

Thanks in advance for your help

Nagmad
6 REPLIES
Steven Schweda
Honored Contributor

Re: Data CD/DVD Encription

Define "best".

GnuPG can be used for encryption. It's
portable, popular, and free.

http://gnupg.org/
Steven E. Protter
Exalted Contributor

Re: Data CD/DVD Encription

Shalom,

The Internet Express package from http://software.hp.com for 11.11 11.23 and 11.31 contains a depot based PGP package that can encrypt your data.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Steven Schweda
Honored Contributor

Re: Data CD/DVD Encription

> [...] a depot based PGP package [...]

You mean GnuPG? GPG and PGP are different.

'0 products shown below matched your search on "pgp"'

http://www.pgp.com/

> [...] for 11.11 11.23 and 11.31 [...]

I'll admit that we were not told which OS is
in use here, but the request was posted in a
Linux forum, not an HP-UX forum.
Matti_Kurkela
Honored Contributor

Re: Data CD/DVD Encription

What's your primary threat?
Would your potential enemy mainly want to:
a) get a copy of your data to himself,
b) give the remote sites his own data instead of yours
c) both?

How many remote sites are there, approximately?
If there are only 1-10 remote sites, the solutions might be different from the case when there are 100 - 10 000 remote sites.

MK
MK
Nahmad_1
Advisor

Re: Data CD/DVD Encription

Hi Matti

The OS is LINUX. There are 6 sites. The main threat is bit general as the data we are distributing is a new release of software used for defence.

Thanks for the help

Nahmad
Matti_Kurkela
Honored Contributor

Re: Data CD/DVD Encription

If military is involved, then some secure communication methods should definitely be available, although they might not be very good for sending gigabytes of data. However, sending only the encryption key should not be too difficult.

Ask your military contact person(s): they should be able to provide you something that is compatible with the military standard procedures.

For an example, how about this:

Encrypt the files (or the CD/DVD image) separately for each site, using a good encryption algorithm (AES, perhaps?).
Use a different key for each site.

Burn the encrypted files to CDs/DVDs. Keep track of which site each disc is supposed to go. Keep the keys with you in a secure storage.

For each site:

Send an messenger (the armed military type, if appropriate) to deliver the disc to the site, with instructions like this:
- the messenger is allowed to give the disc ONLY to the specified recipient, nobody else. (You may specify two or three allowed recipients, to avoid problems if the primary person is not available.)
- if necessary, the messenger can (and must) destroy the disk rather than allow someone unauthorized to have it
- the messenger should verify the identity of the recipient
- the messenger should instruct the recipient to contact you immediately using whatever secure communication method is available.
- after delivering the disc, the messenger should report back to you

If the messenger does not report back within a reasonable time OR reports any problems in the delivery (wrong recipient, anything suspicious at the remote site, someone unauthorized handled the disc, etc.), you destroy the key for that particular site's disc. Without the key, the disc should be useless.

Only after BOTH the messenger and the recipient have confirmed that the disc was successfully delivered, you send the site's key directly to the recipient, using secure communications.

After the key is successfully received, you destroy the key so that it cannot be re-used. (Re-using an encryption key makes it easier to crack the encryption.)

The AES encryption algorithm is available in various open-source encryption tools, for example GPG and OpenSSL. Both are available in most Linux distributions. For details on how to use them... why would you trust a random stranger in the Internet rather than read the documentation of those utilities???

The documentation for each tool is usually installed to your system automatically when you install the tool itself. If some tool has a lot of documentation, the docs may be packaged separately, so you must choose to install the documentation package.

MK
MK