Print

Welcome to Smokey's Security Forums.

Guests have only limited access to the board and it's features, please consider registering to gain full access!

Registration is free and it only takes a few moments to complete.

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[ucrypt]

Thanks for clarification. Actually, what I tried to do was to create a self executable archive with my own public key. This way I wouldn't have to deal with multiple passwords. I have used other peoples' public keys for creating archives in the past (without a separate password) and they had no problems opening them (with their own secret keys) - in fact, the user interface specifically allows for this. Moreover, creating an archive with my own public key (i.e. without using a separate password first) allows me to open it with my secret key. The problems was that when one created a self executable archive out of such an archive the self executable could no longer be opened and displayed the above error message. The idea was to store some important file online in order to provide for contingency access to data when neither my own computer nor a computer with BCarchive installed on it are available. That's why I would like to have an executable and not a regular archive. Of course, a workaround would be to use only a password.

P.S.: I have now tested the new version (Internal Archive V2.01 / executable file version 1.03, bundled with BCrypt 8.05.1). The behavior and the interface of the self-extracting archive are now different than before: one can now open the self-extracting archive by entering the secret key in the password field, checking "use secret key" and pointing to the (in my case PKCS 12) certificate. While fully functional and adequate from BCarchive's security perspective this probably creates a security risk for the user since both the (certificate) password and the certificate itself have to be available on the target system (certificate possibly on a USB key) allowing an attacker with a sophisticated key logger and/or root-kit to get a hold of both. A more secure but less convenient method is to use a one time password - not easy to remember though. Knowing what the intent is, would you have any other suggestions or advice?

An additional option would be to integrate something like PhoneFactor (https://www.phonefactor.net/) two-factor authentication or similar functionality into archives (or possibly even into BCrypt virtual drives).

[Jetico]

We investigated the case more carefully.
Let me make the comment. If you create an archive with a public key of another user,
you can put the data to the archive, but you won't be able to open the archive later,
because you have not the secret key.
Certainly, you can just send the archive to the owner of the secret key and forget about it.
If you want to check/edit the contents of the archive - you cannot do so.

That is why we supposed that the user will always create the arhive with a password first, and then
ADD public key(s) to the archive. If you do so, and then create self-extracting archive  -
you (with BCArchive installed) will be able to open the archive with your password, and the owner of the key
(without BCArchive)  will be able to open the archive with the secret key.

We realize that the situaton is not very obvious. In that case, we should have forbidden creating new archives
encrypted with public key. Archives must be created with a password only. We will continue to think on the matter.
If you have your comments/suggestions, we will greatly appreciate your participation.

[Jetico]

Please accept our apologies.
Whe EXE file is created from BCA file, Key Manager utility is not included.
But to be able to open an archive with secret key, this module is not needed -
user just should be able to point to the file containing the appropriate secret key.

We will fix the bug in the next minor upgrade of BCArchive and I will let you know.
Thank you for the report.

[ucrypt]

After creating a self-executing archive for backup purposes and then trying to open it I get an error message: Can not load module 'BCKeyMan.dll' (I use BCarchive V2.002 for Windows under Vista SP1, installed as part of BCrypt 8.04.4 / driver 4.13).  The original .BCA archive was created with my own public key. Any ideas what the problem could be?