Trouble automating gpg
Ryan Malayter
rmalayter@bai.org
Fri Oct 12 16:45:01 2001
After you move the secring.auto file to the test directory, you need to
rename it secring.gpg (which can get confusing), or use:
gpg --homedir . --edit foo --secret-keyring secring.auto
When you want to edit the key to remove the pass phrase.
A necessary step left out of the FAQ, it seems.
:::Ryan Malayter, MCSE
:::Bank Administration Institute
:::Chicago, Illinois, USA
-----Original Message-----
From: Dailey,Nancy [mailto:nancy.dailey@gartner.com]
Sent: Friday, October 12, 2001 8:29 AM
To: 'gnupg-users@gnupg.org'
Subject: Trouble automating gpg
I sent this message earlier. Does anyone have any answers?
Nancy
> -----Original Message-----
> From: Dailey,Nancy
> Sent: Tuesday, October 09, 2001 5:32 PM
> To: 'gnupg-users@gnupg.org'
> Subject: Automate gpg
>
> I followed the instructions below on how to use GnuPG in an automated
> environment (from FAQ), then realized I had mistyped the email
> address. I tried to add a new userid with the correct email address,
> and keep getting the message, "Secret keys not available". I then
> went back to the manual and read under "--export-secret-subkeys" that
> "The second form of the command has the special property to render the
> secret part of the primary key useless". I am assuming this is the
> problem, but I don't know what to do about it. I was also not sure
> what I was supposed to use for 'foo'. I tried to use the short form
> of the added key ID, but this did not work. We kept trying different
> things until one worked, and I'm not sure what that was.
>
> I really want to be able to automate this. Can you tell me where I
> went wrong and how I can automate signing the encrypted file?
>
> Nancy Dailey
>
>
> 4.14) How can I use GnuPG in an automated environment?
>
> You should use the option --batch and don't use pass phrases as there
> is usually no way to store it more secure than the secret keyring
> itself. The suggested way to create the keys for the automated
> environment is:
>
> On a secure machine:
>
> 1.If you want to do automatic signing, create a signing subkey for
> your key (edit menu, choose "addkey" and the DSA). [H
> LI] Make sure that you use a passphrase (Needed by the current
> implementation)
> 2.gpg --export-secret-subkeys --no-comment foo >secring.auto
> 3.Copy secring.auto and the public keyring to a test directory.
> 4.Cd to this directory.
> 5.gpg --homedir . --edit foo and use "passwd" to remove the
> pass-phrase from the subkeys. You may also want to
> remove all unused subkeys.
> 6.copy secring.auto to a floppy and carry it to the target box
>
> On the target machine:
>
> 1.Install secring.auto as secret keyring.
> 2.Now you can start your new service. It is a good idea to install
> some intrusion detection system so that you hopefully get
> a notice of an successful intrusion, so that you in turn can
> revoke all the subkeys installed on that machine and install new
> subkeys.
>
>
> Nancy N. Dailey
> Senior Systems Analyst
> IS3 - Information Systems and Technology
> Gartner Group
> Phone 1-203-316-3418
> Fax 1-203-316-6490
>
>
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users