Trouble automating gpg

Dailey,Nancy nancy.dailey@gartner.com
Fri Oct 12 15:31:01 2001


I sent this message earlier.  Does anyone have any answers?

Nancy


> -----Original Message-----
> From: Dailey,Nancy
> Sent: Tuesday, October 09, 2001 5:32 PM
> To: 'gnupg-users@gnupg.org'
> Subject: Automate gpg
>
> I followed the instructions below on how to use GnuPG in an automated
> environment (from FAQ), then realized I had mistyped the email address. I
> tried to add a new userid with the correct email address, and keep getting
> the message, "Secret keys not available". I then went back to the manual
> and read under "--export-secret-subkeys" that "The second form of the
> command has the special property to render the secret part of the primary
> key useless". I am assuming this is the problem, but I don't know what to
> do about it. I was also not sure what I was supposed to use for 'foo'. I
> tried to use the short form of the added key ID, but this did not work.
> We kept trying different things until one worked, and I'm not sure what
> that was.
>
> I really want to be able to automate this. Can you tell me where I went
> wrong and how I can automate signing the encrypted file?
>
> Nancy Dailey
>
>
> 4.14) How can I use GnuPG in an automated environment?
>
> You should use the option --batch and don't use pass phrases as there is
> usually no way to store it more secure than the secret
> keyring itself. The suggested way to create the keys for the automated
> environment is:
>
> On a secure machine:
>
> 1.If you want to do automatic signing, create a signing subkey for your
> key (edit menu, choose "addkey" and the DSA).
> Make sure that you use a passphrase (Needed by the current
> implementation)
> 2.gpg --export-secret-subkeys --no-comment foo >secring.auto
> 3.Copy secring.auto and the public keyring to a test directory.
> 4.Cd to this directory.
> 5.gpg --homedir . --edit foo and use "passwd" to remove the pass-phrase
> from the subkeys. You may also want to
> remove all unused subkeys.
> 6.copy secring.auto to a floppy and carry it to the target box
>
> On the target machine:
>
> 1.Install secring.auto as secret keyring.
> 2.Now you can start your new service. It is a good idea to install some
> intrusion detection system so that you hopefully get
> a notice of a successful intrusion, so that you in turn can revoke
> all the subkeys installed on that machine and install new
> subkeys.
>
>
> Nancy N. Dailey
> Senior Systems Analyst
> IS3 - Information Systems and Technology
> Gartner Group
> Phone 1-203-316-3418
> Fax 1-203-316-6490
>
>
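
An added diagnostic, not part of the original post or the GnuPG FAQ: a keyring built with `--export-secret-subkeys` holds only a stub for the primary secret key, and adding a user ID needs a self-signature from that primary key. The sketch assumes a current GnuPG whose `--with-colons` listing marks a stub with `#` in field 15; the function names, key IDs and listings are constructed for illustration.

```shell
#!/bin/sh
# Summarise `gpg --list-secret-keys --with-colons` output read from stdin.
# Field 5 = key ID, field 12 = capabilities, field 15 = '#' for a stub.
secret_key_summary() {
    awk -F: '
        $1 == "sec" {
            state = ($15 == "#") ? "stub" : "present"
            # Adding a user ID requires the primary secret key itself.
            printf "primary %s %s adduid=%s\n", $5, state, (state == "present" ? "yes" : "no")
        }
        $1 == "ssb" {
            state = ($15 == "#") ? "stub" : "present"
            sign = (state == "present" && $12 ~ /s/) ? "yes" : "no"
            printf "subkey %s %s sign=%s\n", $5, state, sign
        }
    '
}

# Exit 0 only if at least one primary key is listed and none is a stub.
can_edit_uids() {
    secret_key_summary | awk '
        $1 == "primary" { n++; if ($3 == "stub") bad = 1 }
        END { exit (n == 0 || bad) }'
}

# Constructed listing: what the automation keyring (secring.auto) looks like.
sample_subkeys_only() {
    cat <<'EOF'
sec:u:1024:17:AAAAAAAAAAAAAAAA:1002600000:::u:::scSC:::#:
uid:u::::1002600000::0000000000000000000000000000000000000000::Test Key <test@example.invalid>:
ssb:u:2048:16:BBBBBBBBBBBBBBBB:1002600000::::::e:::+:
ssb:u:1024:17:CCCCCCCCCCCCCCCC:1002600100::::::s:::+:
EOF
}

# Constructed listing: the original keyring on the secure machine.
sample_full() {
    cat <<'EOF'
sec:u:1024:17:AAAAAAAAAAAAAAAA:1002600000:::u:::scSC:::+:
ssb:u:1024:17:CCCCCCCCCCCCCCCC:1002600100::::::s:::+:
EOF
}

# Live use: gpg --homedir . --list-secret-keys --with-colons | secret_key_summary
sample_subkeys_only | secret_key_summary
```

A `stub` primary with a `sign=yes` subkey is the intended state for the target machine; user ID changes belong on the secure machine that still holds the full secret key, followed by a fresh public key export.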