FTP and PGP

TheMSsForum.com: The Microsoft Software Forum

With the earlier topic on "FTP using PGP", I am a little confuse.

My understanding is that you can use PGP to encrypt a file(s) and then you
can use regular/non-secure ftp to send it outside. I mean, the ftp
connection does not need to be secure because the file itself is already
encrypted with PGP and there's no need for a ftp client that support PGP.
You can use any ftp client to send any kind of files, PGP or not.

Am I correct on this?

thanks.
Top

Re: FTP and PGP by Imhotep

Imhotep
Thu Nov 03 18:18:35 CST 2005

wli2k2 wrote:

> With the earlier topic on "FTP using PGP", I am a little confuse.
>
> My understanding is that you can use PGP to encrypt a file(s) and then you
> can use regular/non-secure ftp to send it outside. I mean, the ftp
> connection does not need to be secure because the file itself is already
> encrypted with PGP and there's no need for a ftp client that support PGP.
> You can use any ftp client to send any kind of files, PGP or not.
>
> Am I correct on this?
>
> thanks.


Yes.

Imhotep
Top

Re: FTP and PGP by Johannes

Johannes
Fri Nov 04 05:10:18 CST 2005

wli2k2 wrote:
> With the earlier topic on "FTP using PGP", I am a little confuse.
>
> My understanding is that you can use PGP to encrypt a file(s) and then you
> can use regular/non-secure ftp to send it outside. I mean, the ftp
> connection does not need to be secure because the file itself is already
> encrypted with PGP and there's no need for a ftp client that support PGP.
> You can use any ftp client to send any kind of files, PGP or not.
>
> Am I correct on this?
>
> thanks.
>
>
A problem with FTP is, that the username & password is not encrypted.
The data in the file is secure. But everyone knows your
FTP-Server-Password :)
Top

Re: FTP and PGP by wli2k2

wli2k2
Fri Nov 04 09:07:04 CST 2005

FTP is generally insecure itself but PGP is one form of protection in that it
encrypts the file thats being transfer. I mean, even if someone else finds
out your password and get the file, they would not be able to decrypt the
file since its PGP encrypted.

"Johannes Buchner" wrote:

> wli2k2 wrote:
> > With the earlier topic on "FTP using PGP", I am a little confuse.
> >
> > My understanding is that you can use PGP to encrypt a file(s) and then you
> > can use regular/non-secure ftp to send it outside. I mean, the ftp
> > connection does not need to be secure because the file itself is already
> > encrypted with PGP and there's no need for a ftp client that support PGP.
> > You can use any ftp client to send any kind of files, PGP or not.
> >
> > Am I correct on this?
> >
> > thanks.
> >
> >
> A problem with FTP is, that the username & password is not encrypted.
> The data in the file is secure. But everyone knows your
> FTP-Server-Password :)
>
Top

Re: FTP and PGP by Alun

Alun
Fri Nov 04 17:12:11 CST 2005

Johannes Buchner wrote:
> wli2k2 wrote:
>> With the earlier topic on "FTP using PGP", I am a little confuse.
>>
>> My understanding is that you can use PGP to encrypt a file(s) and then
>> you can use regular/non-secure ftp to send it outside. I mean, the ftp
>> connection does not need to be secure because the file itself is already
>> encrypted with PGP and there's no need for a ftp client that support PGP.
>> You can use any ftp client to send any kind of files, PGP or not.
>>
>> Am I correct on this?

Yes, you are correct on this. PGP would protect the file, either in
transit, or in storage.

> A problem with FTP is, that the username & password is not encrypted.
> The data in the file is secure. But everyone knows your
> FTP-Server-Password :)

That's why you'd use FTPS, as specified in RFC 4712 (yes, it's an RFC, at
last, after at least eight years in waiting). Or anonymous FTP - maybe it's
a publicly available file-store. If the file is securely encrypted, you
should be able to post it on banners over the freeway.

Alun.
~~~~
[Please don't email posters, if a Usenet response is appropriate.]
--
Texas Imperial Software | Find us at http://www.wftpd.com or email
23921 57th Ave SE | alun@wftpd.com.
Washington WA 98072-8661 | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(425)807-1787 | Try our NEW client software, WFTPD Explorer.


Top

Re: FTP and PGP by Alun

Alun
Fri Nov 04 17:19:37 CST 2005

Alun Jones wrote:
> Johannes Buchner wrote:
>> A problem with FTP is, that the username & password is not encrypted.
>> The data in the file is secure. But everyone knows your
>> FTP-Server-Password :)
>
> That's why you'd use FTPS, as specified in RFC 4712 (yes, it's an RFC, at
> last, after at least eight years in waiting). Or anonymous FTP - maybe
> it's a publicly available file-store. If the file is securely encrypted,
> you should be able to post it on banners over the freeway.

I forgot to mention that the only people who would know your FTP password
are those that can sniff the connection - this means someone with access to
the network connection between your client and your server, or with access
to the two ends. Other than wireless, it's very unlikely that such sniffing
would occur. Your insignificant FTP password, and the files it gives access
to, are nowhere near as interesting as some of the other traffic that makes
it across those links.

Alun.
~~~~
--
[Please don't email posters, if a Usenet response is appropriate.]
--
Texas Imperial Software | Find us at http://www.wftpd.com or email
23921 57th Ave SE | alun@wftpd.com.
Washington WA 98072-8661 | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(425)807-1787 | Try our NEW client software, WFTPD Explorer.


Top