Perl, GPG, and --passphrase-fd

Christopher Maujean
Sat Jun 9 22:28:01 2001

(not trying to start a war)

2. Cool idea on the CRC thing, guess I should read the spec Gnupg seems 
a bit on the overkill side for simple CRC type mangling checks. MD5 
should work just fine for that, Perl's MD5 module runs on every platform 
that perl runs on...

1. Having a passphrase hard coded, or having no passphrase at all means, 
IMHO, that the origin of the message is untrusted, and unverifiable I 
can't trust that the signing key wasn't stolen and is being used by my 
arch-nemisis to impersonate my friend or business associate.


Anthony E . Greene wrote:

> On Thu, 07 Jun 2001 17:39:00 Christopher Maujean wrote:
>> umm, correct me if I'm wrong, but doesn't hardcoding the passphrase in a
>> text file somewhere Completely break, destroy, invalidate, and otherwise
>> mangle the whole point of encryption?
> True, but sometimes people feel it's needed for automated signing. They may
> as well use a key that does not have a passphrase. That's fine if you just
> need to verify the origin of the message.
> If the issue is making sure the message was not mangled by some mail server
> or other software along the way, then the CRC that is automatically done
> should be sufficient. The last line of text in an armored message is a 32bit
> CRC. If the armor is damaged in transit, the CRC fails and the message will
> not be decrypted.
> Tony
-- Christopher Maujean IT Director Premierelink Communications PLEASE encrypt all sensitive information using the following: GnuPG: 0x5DE74D38 Fingerprint: 91D4 09FE 18D0 27C1 A857 0E45 F8A4 7858 5DE7 4D38