Suppressing passphrase prompt

David T-G
Sat Jun 22 20:26:02 2002

Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Leigh --

=2E..and then Leigh S. Jones said...
% >Re: Suppressing passphrase promptDavid T-G writes:
% >
% >Hey, you experts on the list -- am I the only one who is astonished and=
% >appalled at people putting their passphrases in code somewhere?  Am I=20
% >wrong and hard-coding is somehow safer than a guarded key?=20
% Well, I'm not one of those experts, but I also don't read "passphrases in=
% code" into these questions.

Ahhh...  After reading your extrapolation below it becomes clear how that
might be the case.  Thanks much for the insight.

% I myself am a lover of Linux, but being compelled to use Windows NT and
% Win2K at work and having it available at home has made me sensitive to

I know what you mean.  It hurts so much! :-)

% the issues affecting the Windows users. =20

Fair enough.

% I use gpg at work, not for encryption, but for very real, honest-to-god=
% nonrepudiation tasks.  And Windows is the forced environment.  Just by
% happenstance it's necessary for the secret key passphrase to be entered
% into the GUI a half an hour before the document being digitally signed is

There's the interesting bit.  I imagine that no amount of pipelining the
document being created (aside from the problems that would probably have
under Win ;-) to a gpg opened immediately would take care of that cleanly
enough, either.

% actually created, so the testing of the passphrase and storage (until use=
% in protected memory is dictated.


% relative security of a Unix/Linux system protecting their secret key ring=
% and most have their root directory trees shared as administrative shares
% so that absolutely anyone in the IT department at their companies can
% read and alter everything at will.

Heh :-)  Yeah, there is that sort of thing.

Thanks again! & HAND

David T-G                      * It's easier to fight for one's principles
(play) * than to live up to them. -- fortune cookie
(work)    Shpx gur Pbzzhavpngvbaf Qrprapl Npg!

Content-Type: application/pgp-signature
Content-Disposition: inline

Version: GnuPG v1.0.7 (GNU/Linux)