GPG decryption within shell scripts.

Ben Finney
Wed Jul 30 01:05:02 2003

Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On 30-Jul-2003, Ben Finney wrote:
> In short: once you automate the use of crypto, your authentication
> model is reduced to the one used to access the files involved in the
> automated process.  In which case, why use encryption at all?

In retrospect, this is a bit extreme.  Automating crypto is useful, but
only as secure as the data accessed by the automated process.

Automating the local use of a passphrase, though, is completely
self-defeating.  Anyone who has access to the files used in automation
won't be prevented from getting *all* the information needed to get the
passphrase or its equivalent.  Thus, the security of the passphrase is
null and the only security that has any effect is the security used for
access to the files in the first place.

Passphrases are meant to be kept in people's heads, not recorded for use
by computers.

 \         "I planted some bird seed. A bird came up. Now I don't know |
  `\                               what to feed it."  -- Steven Wright |
_o__)                                                                  |
Ben Finney <>

Content-Type: application/pgp-signature
Content-Disposition: inline

Version: GnuPG v1.2.1 (GNU/Linux)