A last word on --passphrase-fd
21 Jan 2000 11:25:22 -0800
>>>>> "CR" == Chuck Robey <firstname.lastname@example.org> writes:
WK> Use unprotected keys. Encrypting something and storing the key
WK> on the same medium reminds me of DVDs :0)
CR> Uhh. I'm not the crypto-whiz you are. I understand (I think)
CR> the DVD story. Can you tell me why needing crypto signatures
CR> on output of a cron job equates to the DVD story? No sarcasm
CR> here, I really don't know.
I think you missed the point. It's not that you don't need GPG from
cron jobs, it's that if you -are- using GPG from cron jobs, you
shouldn't have a passphrase on the key that's used.

I'm not a crypto-whiz, either, but I think I can make an analogy.
It's not any good having a great big padlock on your door if you hide
the key under the doormat. It's a false sense of security to hide the
key, because it's trivial to find it. So, instead, leave the key in
the lock, and don't let people get near the door.

Leaving the key in the lock is -better- than putting it under the mat,
because it will make you nervous and more conscious about who you let
near the door, and what you keep behind it.

Does that make sense? I guess what I'm trying to say is that having
the GPG key and the passphrase stored in the same place is essentially
equivalent to having no passphrase at all. So, don't kid yourself and
go to the trouble of having a passphrase.