auto sign files

Neil Williams linux at codehelp.co.uk
Sun Jan 16 21:06:26 CET 2005


On Sunday 16 January 2005 6:06 pm, Mark Ivs wrote:
> Earlier, I was thinking auto signing files was
> possible in a secure way after reading the
> documentation in the link below.
> http://www.gnupg.org/(en)/documentation/faqs.html#q4.14
> Is that FAQ question about auto-signing keys

Auto-signing keys is always a bad idea - how can you automate the keysigning 
verification? Only the PGP GD and robot keys have done that and the results 
are not always welcomed.

By all means use automation to assist in keysigning protocols, I use the 
scripts from Peter Palfrader (cabot on Debian), but automation, IMHO, should 
never replace personal verification and involvement. I've got various GnuPG 
automated environment scripts and processes - NONE have access to any secret 
keys. I can't think of a single situation where a secret key is actually 
necessary in an automated environment. There is always a better, more secure, 
method.

Convenience is the nemesis of security.

> or auto-signing files? Can you please clarify?

"You should use the option --batch and don't use passphrases as there is 
usually no way to store it more securely than on the secret keyring itself."

This is the use of keys without passphrases to which I referred. The FAQ 
clearly takes you through how to remove the passphrase.

The consequences are as I mentioned - the signature in this case is merely 
asserting that the script is functioning. Anyone can create another key with 
the same details and sign their files - so it comes down to checking the 
fingerprint of the signing key.

As you have no way of verifying the key against a person, if the website is 
hacked and the displayed fingerprint altered, users would have no way to 
know.

The FAQ is clear on the risks:
"It's also a good idea to install an intrusion detection system so that you 
hopefully get a notice of a successful intrusion, so that you in turn can 
revoke all the subkeys installed on that machine and install new subkeys."

i.e. automated environments require additional security layers, increased 
vigilance and egg-on-face apologies when they go wrong.

Personally, I just don't think it's ever worth the risk - far better to copy 
the files to your machine, sign the files personally, then copy them to the 
public machine. Secret keys and public servers just don't mix.

-- 

Neil Williams
=============
http://www.dcglug.org.uk/
http://www.nosoftwarepatents.com/
http://sourceforge.net/projects/isbnsearch/
http://www.williamsleesmill.me.uk/
http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3
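The fingerprint check the reply describes (a good signature from a key with the same name proves nothing; only the full fingerprint of the signing key does) as an added example that is not part of the original post or of GnuPG: a POSIX shell verifier that pins the primary-key fingerprint from GnuPG's --status-fd output rather than trusting the user ID or the exit code alone. PINNED_FPR and the two sample status transcripts are constructed placeholders; the status-line format (GOODSIG, VALIDSIG) is GnuPG's own.

```shell
#!/bin/sh
# Constructed placeholder: the fingerprint you obtained out of band,
# NOT one read from the same web page that serves the files.
PINNED_FPR="0123456789ABCDEF0123456789ABCDEF01234567"

# check_status STATUS_TEXT PINNED_FPR
# Succeeds only if gpg reported GOODSIG and the primary-key fingerprint
# (last field of the VALIDSIG line) equals the pinned value. A GOODSIG
# from a look-alike key with the same user ID is rejected.
check_status() {
    status="$1"; want="$2"
    printf '%s\n' "$status" | grep -q '^\[GNUPG:\] GOODSIG ' || return 1
    got=$(printf '%s\n' "$status" | awk '/^\[GNUPG:\] VALIDSIG /{print $NF}')
    [ -n "$got" ] || return 1            # no VALIDSIG line: fail closed
    [ "$got" = "$want" ]
}

# verify_pinned FILE SIG PINNED_FPR
# gpg exits 0 for any good signature regardless of who made it, so the
# exit code is necessary but not sufficient; the status lines decide.
verify_pinned() {
    file="$1"; sig="$2"; want="$3"
    status=$(gpg --batch --status-fd 1 --verify "$sig" "$file" 2>/dev/null) || return 1
    check_status "$status" "$want"
}

# Constructed sample transcripts (what --status-fd 1 would print).
SAMPLE_GOOD='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 0123456789ABCDEF Example Release Key <releases@example.org>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2005-01-16 1105912386 0 4 0 17 2 00 0123456789ABCDEF0123456789ABCDEF01234567'

# Same user ID, different key: gpg still says GOODSIG, the pin rejects it.
SAMPLE_LOOKALIKE='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG FEDCBA9876543210 Example Release Key <releases@example.org>
[GNUPG:] VALIDSIG FEDCBA9876543210FEDCBA9876543210FEDCBA98 2005-01-16 1105912386 0 4 0 17 2 00 FEDCBA9876543210FEDCBA9876543210FEDCBA98'

if check_status "$SAMPLE_GOOD" "$PINNED_FPR"; then echo "pinned key: OK"; fi
if check_status "$SAMPLE_LOOKALIKE" "$PINNED_FPR"; then :; else echo "look-alike key: REJECTED"; fi
```

For real use call `verify_pinned release.tar.gz release.tar.gz.sig "$PINNED_FPR"` on the downloaded file and its detached signature.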
