auto sign files
linux at codehelp.co.uk
Sun Jan 16 21:06:26 CET 2005
On Sunday 16 January 2005 6:06 pm, Mark Ivs wrote:
> Earlier, I was thinking auto signing files was
> possible in a secure way after reading the
> documentation in the link below.
> Is that FAQ question about auto-signing keys
auto-signing keys is always a bad idea - how can you automate the keysigning
verification? Only the PGP GD and robot keys have done that and the results
are not always welcomed.
By all means use automation to assist in keysigning protocols, I use the
scripts from Peter Palfrader (cabot on Debian), but automation IMHO, should
never replace personal verification and involvement. I've got various GnuPG
automated environment scripts and processes - NONE have access to any secret
keys. I can't think of a single situation where a secret key is actually
necessary in an automated environment. There is always a better, more secure,
Convenience is the nemesis of security.
> auto-signing files? Can you please clarify?
"You should use the option --batch and don't use passphrases as there is
usually no way to store it more securely than on the secret keyring itself. "
This is the use of keys without passphrases to which I referred. The FAQ
clearly takes you through how to remove the passphrase.
The consequences are as I mentioned - the signature in this case is merely
asserting that the script is functioning. Anyone can create another key with
the same details and sign their files - so it comes down to checking the
fingerprint of the signing key.
As you have no way of verifying the key against a person, if the website is
hacked and the displayed fingerprint altered, users would have no way to
The FAQ is clear on the risks:
" It's also a good idea to install an intrusion detection system so that you
hopefully get a notice of an successful intrusion, so that you in turn can
revoke all the subkeys installed on that machine and install new subkeys. "
i.e. automated environments require additional security layers, increased
vigilance and egg-on-face apologies when they go wrong.
Personally, I just don't think it's ever worth the risk - far better to copy
the files to your machine, sign the files personally, then copy them to the
public machine. Secret keys and public servers just don't mix.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: not available
Url : /pipermail/attachments/20050116/dcc36808/attachment.pgp
More information about the Gnupg-users