gpg from cronjobs

Werner Koch
Wed, 22 Dec 1999 09:39:07 +0100

 On Tue, Dec 21, 1999 at 10:57:51PM -0600
 Frank Tobin wrote:

> Personally, I just say go for the key without a passphrase.
I agree with you. A thing which might help a little bit in this case is the ability to remove the passphrase selectively from a secondary key. This way you can decrypt without a passphrase but still leave your signing key protected - so in case someone breaks into your system (and you have a really good passphrase - quite random and written down somewhere) you can keep the signatures on your key and create a new encryption key. Well, all messages ever send in the past are now subject to decryption by the cracker. Another more "secure" way could be an export-secret-key which replaces the primary key with a dummy one (at least the secret part of it). I have to see whether I can implement one of these things. I see quite a lot of applications which could benefit from it. Frankly I have a ned for this too. -- Werner Koch at keyid 621CC013 Boycott Amazon! -