Script with sensitive info
James R. Hendrick
Wed Jul 23 22:41:02 2003
If something is encrypted, to decrypt it you need to provide access to =
the "secret" (password, etc.)
If this script has to access encrypted data, it will need to access the =
key to unlock that data.
You *can* store that key in a file (but then you are at the mercy of the =
rest of the system security to protect that key).
You *can* require that a human input that key when the script starts up =
(maybe once per system boot). This still requires the key stay in memory =
in the clear (better than disk, but still possible to access).
> -----Original Message-----
> From: firstname.lastname@example.org [mailto:email@example.com]
> Sent: Wednesday, July 23, 2003 2:19 PM
> To: firstname.lastname@example.org
> Subject: Script with sensitive info
> I want to write a Perl script whose operation requires it to have some
> sensitive information (bank account passwords, etc.). This script is
> meant to run non-interactively, so having it prompt the user for this
> information is not an option. Also, encrypting the file itself would
> render the script uninterpretable by /usr/bin/perl.
> Is there a way to use Gnupg to solve the problem of protecting this
> script? (I realize that the script is already protected by my Unix
> account password, but I would like more protection than that.)
> Gnupg-users mailing list