A Key-gen-config file that autodeletes?

Edward Khoo edwardkkb@cheerful.com
Tue Sep 11 19:01:01 2001


Hi folks,

It is good to hear such learned opinions. Being a relative newbie to these
open source projects, it does look to me that a decision probably has to be
made regarding this feature of supporting some sort of auto-capabilities.
On the other hand, I have been in computer technology just long enough to know
that the answer is not going to be without trade-offs. :-|

As long as there is no guarantee that the hardware is secure, any software
decision is hard to make.
And the classic saying, "security is only as good as its weakest link".

Also, this conversation has taken us away from my original concern of
automating the passing in of interactive parameters
(assuming it's a 'secure' computer).
- How to get "--batch" to work in either command line or scripting support?
- Or if "--batch" is the option to use to pass in a config file in the first
place?

Here is Werner's original suggestion:
#!/bin/sh
gpg --gen-key --batch <$1
rm $1

Which did not work for me, as I am not sure of the data format that will be
accepted.

Best regards,
Edward

-----Original Message-----
From: Frank Tobin <ftobin@neverending.org>
To: gnupg-users@gnupg.org <gnupg-users@gnupg.org>
Date: Tuesday, September 11, 2001 7:04 PM
Subject: Re: A Key-gen-config file that autodeletes?



>Len Sassaman, at 01:58 -0700 on Tue, 11 Sep 2001, wrote:
>
> Ah. Here's a reason to have a wipe function in GnuPG, similar to
> "pgp -w". Simply rm'ing a file that has the passphrase in it might
> not be enough for some people.
>
>While this has been pointed out before (and I'm not picking on you, Len),
>I don't think it would be a good idea for GnuPG to try to emulate
>everything that PGP does. What's next, PGPnet in GnuPG? :)
>
>The idea of having a wipe command might intrigue some people, but there are
>many things out of the user's control that could totally eliminate the
>possibility of a wipe doing what you want. For example, the filesystem has
>to guarantee that you are writing over the same data, and not just writing
>it out someplace else, and forgetting the old stuff.
>
>So, the concept of a wipe is very system-specific, and should stay out of
>GnuPG's realm. There are several wipe programs out there, feel free to
>choose one of many. You aren't guaranteed any of them will work for you.
>
>I should note that on FreeBSD there is "rm -P" which has wipe-ish
>behaviour. I expect you are sort of guaranteed that it works like you'd
>expect due to the "whole system deal" you get with FreeBSD.
>
>--
>Frank Tobin http://www.neverending.org/~ftobin/
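
Added example (not part of the original thread and not GnuPG project code): the open question above about what input `gpg --gen-key --batch` accepts, worked as a shell script that writes a parameter file in GnuPG's unattended key generation format, runs gpg on it and removes it. The name, e-mail address, passphrase, key sizes, function names and the script's `--generate` switch are assumptions made for the example.

```shell
#!/bin/sh
# Added example: unattended key generation from a parameter file that is
# removed afterwards. All names and values here are constructed.

nl='
'
# Write the parameter file and print its path. It holds the passphrase in
# clear text, so it is created owner-only (umask 077, mktemp).
write_keygen_params() {
    # $1 = real name, $2 = e-mail, $3 = passphrase (hypothetical inputs).
    # A newline in a value would smuggle extra "Key: value" lines into the file.
    case "$1$2$3" in *"$nl"*) echo "newline in parameter" >&2; return 1 ;; esac
    ( umask 077
      f=$(mktemp "${TMPDIR:-/tmp}/keygen.XXXXXX") || exit 1
      {
          printf '%s\n' 'Key-Type: RSA' 'Key-Length: 3072'
          printf '%s\n' 'Subkey-Type: RSA' 'Subkey-Length: 3072'
          printf 'Name-Real: %s\n' "$1"
          printf 'Name-Email: %s\n' "$2"
          printf '%s\n' 'Expire-Date: 1y'
          printf 'Passphrase: %s\n' "$3"
          printf '%s\n' '%commit'
      } >"$f"
      printf '%s\n' "$f" )
}

generate_key() {
    params=$(write_keygen_params "$@") || return 1
    # Remove the file if the script is interrupted while gpg runs.
    trap 'rm -f "$params"; exit 1' INT TERM HUP
    gpg --batch --gen-key "$params"
    status=$?
    # rm only unlinks the file; as discussed in the thread, whether the old
    # blocks are overwritten depends on the filesystem, not on this script.
    rm -f "$params"
    trap - INT TERM HUP
    return "$status"
}

# Only touch the keyring when asked to (assumed switch for this example).
if [ "${1:-}" = "--generate" ]; then
    generate_key "Test User" "test@example.org" "constructed passphrase"
fi
```

Quoting the path (`"$params"`) matters here: the unquoted `rm $1` form breaks on paths containing spaces or glob characters.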