Perl, GPG, and --passphrase-fd
Anthony E . Greene
agreene@pobox.com
Fri Jun 8 00:51:01 2001
On Thu, 07 Jun 2001 17:39:00 Christopher Maujean wrote:
>umm, correct me if I'm wrong, but doesn't hardcoding the passphrase in a=
=20
>text file somewhere Completely break, destroy, invalidate, and otherwise=
=20
>mangle the whole point of encryption?
True, but sometimes people feel it's needed for automated signing. They may
as well use a key that does not have a passphrase. That's fine if you just
need to verify the origin of the message.
If the issue is making sure the message was not mangled by some mail server
or other software along the way, then the CRC that is automatically done
should be sufficient. The last line of text in an armored message is a 32bit
CRC. If the armor is damaged in transit, the CRC fails and the message will
not be decrypted.
Tony
--=20
Anthony E. Greene <agreene@pobox.com> <http://www.pobox.com/~agreene/>
PGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD 6C94 239D
Chat: AOL/Yahoo: TonyG05 MSN: te_greene
Linux. The choice of a GNU Generation. <http://www.linux.org/>