HPE Community
Operating System - HP-UX
1834403 Members
2650 Online
110067 Solutions
New Discussion

Re: encrypt on HPUX - decrypt on Solaris

 
Ronald W. Widlewski
Advisor

‎10-12-2006 07:34 AM

‎10-12-2006 07:34 AM

encrypt on HPUX - decrypt on Solaris

I am interested in what the membership
may suggest in answer to a potential
issue/problem.

I will be scripting a process to Sftp
a file between an internal HPUX system
and a vendor Solaris system.

I would prefer to encrypt the file on
the HPUX side and correspondingly decrypt
on the Solaris side.

What tools/applications might be suggested
to accomplish this task, using strong
encryption...

Thank you in advance !
0 Kudos
10 REPLIES 10
Yang Qin_1
Honored Contributor

‎10-12-2006 07:51 AM

‎10-12-2006 07:51 AM

Re: encrypt on HPUX - decrypt on Solaris

It was said that: crypt" can be used on both HPUX Solaris, I never have a chance to test it though.
0 Kudos
Patrick Wallek
Honored Contributor

‎10-12-2006 08:06 AM

‎10-12-2006 08:06 AM

Re: encrypt on HPUX - decrypt on Solaris

I would look at GPG (Gnu Privacy Guard).

http://www.gnupg.org/

We use this to transport files between one of our HP-UX systems and a vendor system of an unknow type.

It works quite well.
0 Kudos
Steven Schweda
Honored Contributor

‎10-12-2006 08:40 AM

‎10-12-2006 08:40 AM

Re: encrypt on HPUX - decrypt on Solaris

GnuPG is popular these days. PGP is the old
stand-by:

http://www.pgp.com/
http://www.pgpi.org/

> [...] a vendor Solaris system.

For any of this stuff, you need to coordinate
with the folks at the other end, who may
already be set up for some of the options.
0 Kudos
Brian A. Scurlock_1
Frequent Advisor

‎10-12-2006 09:55 AM

‎10-12-2006 09:55 AM

Re: encrypt on HPUX - decrypt on Solaris

<-- Another vote for GPG.

I have had good results with GPG across platforms.The basic setup is this.
As a NON-ROOT user on both the HP-UX and Solaris servers, a public/Private keypair will need to be generated using GPG. You and your vendor will then exchange PUBLIC key files(DO NOT provide your private key to the vendor). The file is then encrypted by you using your private key on the HPUX box and can be Decrypted using the public key you provided to the vendor on their solaris box.

-Brian
You can do anything you set your mind to when you have vision, determination, and an endless supply of expendable labor.
0 Kudos
Steve Lewis
Honored Contributor

‎10-12-2006 08:21 PM

‎10-12-2006 08:21 PM

Re: encrypt on HPUX - decrypt on Solaris

Brian has just described signing, not encryption. Since the public key is by definition public - anyone who had the public key could decrypt a message that was encrypted by your private key. All that it proves is that the message must have come from you.

Luckily the gpg command knows what to do when you tell it to encrypt - it asks for the public key of the recipient. Only the recipient has the private key that is required to decrypt it.

GPG is good and fairly strong these days, provided your source of random data is good and you use the longest keys supported.
When combined with sftp as the transport, it isn't bad at all.

A good tip for gpg is proper key management. Do not keep your private or public keys on a server that is connected to the internet. If anyone gets your private key, then you are as open as clear text.

0 Kudos
Doug O'Leary
Honored Contributor

‎10-13-2006 12:50 AM

‎10-13-2006 12:50 AM

Re: encrypt on HPUX - decrypt on Solaris

Hey;

As others have noted, if you want to encrypt the file on hpux and decrypt it on solaris, then gpg is your answer.

My question, though, is why do you want to do that? If you're interest is in preventing the file from being intercepted somewhere in the transmission, then sending it via scp or sftp already does that. The entire tunnel is encrypted end to end.

If, on the other hand, you want to ensure only one person or group on the receiving end can access the file, then you're right; gpg is the answer.

HTH;

Doug

------
Senior UNIX Admin
O'Leary Computers Inc
linkedin: http://www.linkedin.com/dkoleary
Resume: http://www.olearycomputers.com/resume.html
0 Kudos
Ronald W. Widlewski
Advisor

‎10-13-2006 06:14 AM

‎10-13-2006 06:14 AM

Re: encrypt on HPUX - decrypt on Solaris

In reply to Doug's observation, there
is a need to provide file encryption to
preserve the confidential nature of
the contents (there is actually less of
a need for sFtp as the transport.

It has been suggested by the vendor to
use either of two other applications/tools
not mentioned by this community, being
bcrypt and plexcrypt. Any experience
with either of these, or comment ?

Thx.
0 Kudos
Steven Schweda
Honored Contributor

‎10-13-2006 06:16 PM

‎10-13-2006 06:16 PM

Re: encrypt on HPUX - decrypt on Solaris

I know nothing, but based on info found by
Google, I probably wouldn't choose either of
them.

"bcrypt" looks simple, but it uses private
keys, so key management involves someone
sending a private pass phrase to someone
else somehow.

http://bcrypt.sourceforge.net/

"PlexCrypt software is written purely in
Java", so I'll bet that's fast. Apparently,
they want money for it, too (although not
much).

http://www.plexobject.com/software/plexcrypt/

I'd ask your vendor's folks why they aren't
friends with GnuPG.
0 Kudos
Ronald W. Widlewski
Advisor

‎10-16-2006 12:08 AM

‎10-16-2006 12:08 AM

Re: encrypt on HPUX - decrypt on Solaris

Thank you ... one and all
0 Kudos
Ronald W. Widlewski
Advisor

‎10-16-2006 12:11 AM

‎10-16-2006 12:11 AM

Re: encrypt on HPUX - decrypt on Solaris

I will followup vendor Re:
suggested alternatives.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.