gpg from cronjobs
Werner Koch
wk@gnupg.org
Wed, 22 Dec 1999 09:39:07 +0100
On Tue, Dec 21, 1999 at 10:57:51PM -0600
Frank Tobin wrote:
> Personally, I just say go for the key without a passphrase.
I agree with you.
A thing which might help a little bit in this case is the ability
to remove the passphrase selectively from a secondary key. This way
you can decrypt without a passphrase but still leave your signing key
protected - so in case someone breaks into your system (and you have a
really good passphrase - quite random and written down somewhere) you
can keep the signatures on your key and create a new encryption key.
Well, all messages ever send in the past are now subject to decryption
by the cracker.
Another more "secure" way could be an export-secret-key which replaces
the primary key with a dummy one (at least the secret part of it).
I have to see whether I can implement one of these things. I see
quite a lot of applications which could benefit from it. Frankly
I have a ned for this too.
--
Werner Koch at guug.de www.gnupg.org keyid 621CC013
Boycott Amazon! - http://www.gnu.org/philosophy/amazon.html