batchmode for revocation certificate and key editing: security pr
Fri Feb 15 13:29:01 2002
I am playing with the idea to change the sources of gpg, so that
- a revoke-certificate can be made in batch mode (after creating the key in
- keys can be edited in batch mode (trust, sign, passwd, ...), controlled
by another application
I tried it out and (with relatively little changes) have a test-version,
that is behaving like this. It reads from an input file that can be defined.
I have created a sub-key (for signing only) without a passphrase, therefore
I don't have to store the passphrase for my private key on the disk.
Now my question: Why is this not possible in the (unchanged) gnuPG? Is it a
security issue to revoke and edit automatically (I mean: where are the risks
aside of creating a sub-key for signing without a passphrase)?
Thanks for any input