gpg from cronjobs

Werner Koch wk@gnupg.org
Wed, 22 Dec 1999 09:39:07 +0100


 On Tue, Dec 21, 1999 at 10:57:51PM -0600
 Frank Tobin wrote:


> Personally, I just say go for the key without a passphrase.
I agree with you. A thing which might help a little bit in this case is the ability to remove the passphrase selectively from a secondary key. This way you can decrypt without a passphrase but still leave your signing key protected - so in case someone breaks into your system (and you have a really good passphrase - quite random and written down somewhere) you can keep the signatures on your key and create a new encryption key. Well, all messages ever send in the past are now subject to decryption by the cracker. Another more "secure" way could be an export-secret-key which replaces the primary key with a dummy one (at least the secret part of it). I have to see whether I can implement one of these things. I see quite a lot of applications which could benefit from it. Frankly I have a ned for this too. -- Werner Koch at guug.de www.gnupg.org keyid 621CC013 Boycott Amazon! - http://www.gnu.org/philosophy/amazon.html