Usage of gnupg to automatically decrypt messages.
Fri Aug 15 23:36:02 2003
If I understand your idea correctly, then anybody who can read the options
could see which secret key is registered and they then could use that secret
key (without a passphrase) to decrypt your messages. Especially if they
managed to connect using your account name. [[somebody like root]].
If you are going to do that, you might as well publish your passphrase. At
least with your passphrase published, you are constantly aware how insecure
your secret key really is.
Those of us who do use automated tools to decrypt files do use the
--passphrase-fd option (or remove the passphrase completely). This serves
as a daily reminder that anybody who has access to the decryption box does
have access to the secret key. It is only a matter of time before the key
will have to be retired and another one distributed.
From: Naik, Sachin (Global Repo Systems) [mailto:SNaik@exchange.ml.com]
Sent: Friday, August 15, 2003 1:52 PM
Subject: Usage of gnupg to automatically decrypt messages.
I need to automatically decrypt messages. I don't want to pass in the
passphrase in the options as it will then be highly visible to everybody.
Can there be a way, just as we register the public key, of using the secret
key with the user name? So, it is as if we run the decrypt command and
specify a keyId or name of the user and the registered
secret key gets picked up and the decryption takes place. Thereby I don't
need to write down the passphrase.
Thanks in advance,
Gnupg-users mailing list
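An added example, not part of the original thread: one way to use the --passphrase-fd option mentioned in the reply so the passphrase never appears in the options or the process list. The function names, the passphrase file and the use of descriptor 3 are assumptions, and `--pinentry-mode loopback` assumes GnuPG 2.1 or later (drop it for 1.x).

```shell
#!/bin/sh
# Unattended decryption with the passphrase supplied on a file descriptor.
# This keeps the passphrase out of argv and out of the options file only.
# As the reply says, anyone who can act as this account (or root) on the
# decryption box still has the secret key.

# Return 0 only if $1 is a regular file (not a symlink), owned by the
# invoking user, with no group or other permission bits set.
secret_file_ok() {
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] || return 1
    [ -O "$f" ] || return 1
    # Characters 5-10 of the ls mode string are the group/other bits.
    perms=$(ls -ld -- "$f" | cut -c5-10)
    [ "$perms" = "------" ]
}

# decrypt_unattended PASSFILE CIPHERTEXT OUTPUT
# Returns 2 without calling gpg if the passphrase file is not private.
decrypt_unattended() {
    pass_file=$1
    src=$2
    dst=$3
    if ! secret_file_ok "$pass_file"; then
        echo "refusing: $pass_file must be a regular file, owner-only" >&2
        return 2
    fi
    # gpg reads the first line of descriptor 3 as the passphrase.
    # --batch and --no-tty stop it from prompting when run from cron.
    gpg --batch --no-tty --pinentry-mode loopback --passphrase-fd 3 \
        --output "$dst" --decrypt "$src" 3<"$pass_file"
}
```
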