GPG decryption within shell scripts.
Wed Jul 30 01:05:02 2003
Content-Type: text/plain; charset=us-ascii
On 30-Jul-2003, Ben Finney wrote:
> In short: once you automate the use of crypto, your authentication
> model is reduced to the one used to access the files involved in the
> automated process. In which case, why use encryption at all?
In retrospect, this is a bit extreme. Automating crypto is useful, but
only as secure as the data accessed by the automated process.
Automating the local use of a passphrase, though, is completely
self-defeating. Anyone who has access to the files used in automation
won't be prevented from getting *all* the information needed to get the
passphrase or its equivalent. Thus, the security of the passphrase is
null and the only security that has any effect is the security used for
access to the files in the first place.
Passphrases are meant to be kept in people's heads, not recorded for use
\ "I planted some bird seed. A bird came up. Now I don't know |
`\ what to feed it." -- Steven Wright |
Ben Finney <email@example.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
-----END PGP SIGNATURE-----