gpg from cronjobs

Werner Koch wk at
Wed Dec 22 09:39:07 CET 1999

 On Tue, Dec 21, 1999 at 10:57:51PM -0600
 Frank Tobin wrote:

> Personally, I just say go for the key without a passphrase.

I agree with you.

A thing which might help a little bit in this case is the ability
to remove the passphrase selectively from a secondary key.  This way 
you can decrypt without a passphrase but still leave your signing key
protected - so in case someone breaks into your system (and you have a
really good passphrase - quite random and written down somewhere) you
can keep the signatures on your key and create a new encryption key.
Well, all messages ever send in the past are now subject to decryption
by the cracker.

Another more "secure" way could be an export-secret-key which replaces
the primary key with a dummy one (at least the secret part of it).

I have to see whether I can implement one of these things.  I see
quite a lot of applications which could benefit from it.  Frankly
I have a ned for this too.

Werner Koch at            keyid 621CC013
     Boycott Amazon!  -

More information about the Gnupg-devel mailing list