batchmode for revocation certificate and key editing: security pr
oblem?
Burkhalter Christoph
chb@elca.ch
Fri Feb 15 13:29:01 2002
Hi all
I am playing with the idea to change the sources of gpg, so that
- a revoke-certificate can be made in batch mode (after creating the key in
batch mode)
- keys can be edited in batch mode (trust, sign, passwd, ...), controlled
by another application
I tried it out and (with relatively little changes) have a test-version,
that is behaving like this. It reads from an input file that can be defined.
I have created a sub-key (for signing only) without a passphrase, therefore
I don't have to store the passphrase for my private key on the disk.
Now my question: Why is this not possible in the (unchanged) gnuPG? Is it a
security issue to revoke and edit automatically (I mean: where are the risks
aside of creating a sub-key for signing without a passphrase)?
Thanks for any input
-- chris