GPG decryption within shell scripts.

Ben Finney ben@benfinney.id.au
Wed Jul 30 01:05:02 2003



On 30-Jul-2003, Ben Finney wrote:
> In short: once you automate the use of crypto, your authentication
> model is reduced to the one used to access the files involved in the
> automated process.  In which case, why use encryption at all?

In retrospect, this is a bit extreme.  Automating crypto is useful, but
only as secure as the data accessed by the automated process.

Automating the local use of a passphrase, though, is completely
self-defeating.  Anyone who has access to the files used in automation
won't be prevented from getting *all* the information needed to get the
passphrase or its equivalent.  Thus, the security of the passphrase is
null and the only security that has any effect is the security used for
access to the files in the first place.

Passphrases are meant to be kept in people's heads, not recorded for use
by computers.

-- 
 \         "I planted some bird seed. A bird came up. Now I don't know |
  `\                               what to feed it."  -- Steven Wright |
_o__)                                                                  |
Ben Finney <ben@benfinney.id.au>
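
The point made in the message above, that an automated gpg job is only as protected as the files it reads, can be checked directly. The following is an added example, not part of the original post: it audits who besides the owner can reach the files of an unattended decryption job. The file names (decrypt.sh, passphrase.txt, secring.gpg) and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the files an unattended gpg job depends on.
# Sample files are constructed in a temporary directory.

# Print the 10-character permission string of a path, e.g. -rw-r--r--
mode_of() {
    ls -ld -- "$1" | cut -c1-10
}

# Succeed if group or other holds any access bit on the path.
exposed_beyond_owner() {
    case "$(mode_of "$1")" in
        ????------) return 1 ;;
        *) return 0 ;;
    esac
}

# Succeed if group or other may write to the path (for a directory this
# means they can replace the files inside it).
writable_by_non_owner() {
    case "$(mode_of "$1")" in
        ?????w????|????????w?) return 0 ;;
        *) return 1 ;;
    esac
}

# Report each finding on stderr and print the number of findings on stdout.
audit_automation_files() {
    findings=0
    for f in "$@"; do
        if exposed_beyond_owner "$f"; then
            echo "EXPOSED       $(mode_of "$f")  $f" >&2
            findings=$((findings + 1))
        fi
        d=$(dirname -- "$f")
        if writable_by_non_owner "$d"; then
            echo "DIR-WRITABLE  $(mode_of "$d")  $d" >&2
            findings=$((findings + 1))
        fi
    done
    echo "$findings"
}

# Constructed layout: a script, a stored passphrase and a secret keyring.
demo() {
    dir=$(mktemp -d) || return 1
    chmod 755 "$dir"
    : > "$dir/decrypt.sh";     chmod 755 "$dir/decrypt.sh"
    : > "$dir/passphrase.txt"; chmod 644 "$dir/passphrase.txt"
    : > "$dir/secring.gpg";    chmod 600 "$dir/secring.gpg"
    audit_automation_files "$dir/decrypt.sh" "$dir/passphrase.txt" "$dir/secring.gpg"
    rm -rf "$dir"
}
```

Running `demo` reports the script and the stored passphrase as reachable beyond the owner; a result of zero findings still only means the passphrase is as safe as the owning account.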
