Automate gpg

Dailey,Nancy nancy.dailey@gartner.com
Tue Oct 9 23:34:01 2001


I followed the instructions below on how to use GnuPG in an automated
environment (from FAQ), then realized I had mistyped the email address.  I
tried to add a new userid with the correct email address, and keep getting
the message, "Secret keys not available".  I then went back to the manual
and read under "--export-secret-subkeys" that "The second form of the
command has the special property to render the secret part of the primary
key useless".  I am assuming this is the problem, but I don't know what to
do about it.  I was also not sure what I was supposed to use for 'foo'.  I
tried to use the short form of the added key ID, but this did not work.  We
kept trying different things until one worked, and I'm not sure what that
was.

I really want to be able to automate this.  Can you tell me where I went
wrong and how I can automate signing the encrypted file?

Nancy Dailey


4.14) How can I use GnuPG in an automated environment? 

You should use the option --batch and don't use pass phrases as there is
usually no way to store it more secure than the secret
keyring itself. The suggested way to create the keys for the automated
environment is: 

On a secure machine: 

   1.If you want to do automatic signing, create a signing subkey for your
key (edit menu, choose "addkey" and the DSA).
     Make sure that you use a passphrase (Needed by the current
implementation) 
   2.gpg --export-secret-subkeys --no-comment foo >secring.auto 
   3.Copy secring.auto and the public keyring to a test directory. 
   4.Cd to this directory. 
   5.gpg --homedir . --edit foo and use "passwd" to remove the pass-phrase
from the subkeys. You may also want to
     remove all unused subkeys. 
   6.copy secring.auto to a floppy and carry it to the target box 

On the target machine: 

   1.Install secring.auto as secret keyring. 
   2.Now you can start your new service. It is a good idea to install some
intrusion detection system so that you hopefully get
     a notice of a successful intrusion, so that you in turn can revoke all
the subkeys installed on that machine and install new
     subkeys.


Nancy N. Dailey
Senior Systems Analyst
IS3 - Information Systems and Technology
Gartner Group
Phone  1-203-316-3418
Fax      1-203-316-6490
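The FAQ procedure quoted above (secure machine: signing subkey, export of the secret subkeys only; target machine: import and unattended signing), as an added shell example that is not part of the FAQ or of the original mail. It assumes GnuPG 2.1 or later, where there is no secring.gpg, so the key is created without a passphrase from the start rather than having it removed afterwards with "passwd"; the key name, e-mail address and signed file are constructed, and the "sec#" check shows the stubbed primary key that the manual describes, which is why operations needing the primary key, such as adding a user ID, fail on the target side.

```shell
#!/bin/sh
# Added example, not part of the FAQ or the original mail. Assumes GnuPG 2.1+:
# keys live in private-keys-v1.d (no secring.gpg), so the key is created without
# a passphrase up front instead of being stripped afterwards with "passwd".

# One gpg invocation with no prompts: --batch plus loopback pinentry and an empty
# passphrase, so gpg-agent never opens a dialog (the FAQ's "no pass phrase" rule).
g() { gpg --batch --yes --pinentry-mode loopback --passphrase '' "$@"; }

# $1 = homedir standing in for the secure machine, $2 = homedir for the target box.
# Returns non-zero at the first step that fails.
build_and_sign() {
    secure=$1; target=$2
    # Secure machine: certify-only primary key plus a separate signing subkey.
    g --homedir "$secure" --quick-generate-key \
        'autosign (constructed example) <autosign@example.invalid>' ed25519 cert never || return 1
    fpr=$(gpg --homedir "$secure" --with-colons --list-keys | awk -F: '/^fpr/ {print $10; exit}')
    [ -n "$fpr" ] || return 1
    g --homedir "$secure" --quick-add-key "$fpr" ed25519 sign never || return 1
    # Counterpart of the FAQ's secring.auto: subkeys only, primary exported as a stub.
    g --homedir "$secure" --export-secret-subkeys "$fpr" > "$secure/subkeys.auto" || return 1
    gpg --batch --homedir "$secure" --export "$fpr" > "$secure/pub.auto" || return 1
    # Target machine: import both, then confirm the primary secret key is absent
    # ("sec#" marks a stub), so anything needing the primary key fails here.
    g --homedir "$target" --import "$secure/pub.auto" "$secure/subkeys.auto" || return 1
    gpg --homedir "$target" --list-secret-keys | grep -q '^sec#' || return 1
    # Unattended detached signature of a constructed file, then verification.
    printf 'constructed payload to be signed\n' > "$target/msg"
    g --homedir "$target" --detach-sign --output "$target/msg.sig" "$target/msg" || return 1
    gpg --batch --homedir "$target" --verify "$target/msg.sig" "$target/msg" || return 1
}

# Creates throwaway homedirs, runs the procedure, cleans up, and returns its status.
automated_signing_demo() {
    s=$(mktemp -d) && t=$(mktemp -d) && chmod 700 "$s" "$t" || return 1
    build_and_sign "$s" "$t"; rc=$?
    gpgconf --homedir "$s" --kill gpg-agent 2>/dev/null
    gpgconf --homedir "$t" --kill gpg-agent 2>/dev/null
    rm -rf "$s" "$t"
    return $rc
}
```

Running `automated_signing_demo` exits 0 only if every step succeeded, including the signature verification on the target homedir.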