auto sign files

David Shaw dshaw at jabberwocky.com
Sun Jan 16 22:11:50 CET 2005


On Sun, Jan 16, 2005 at 10:06:44AM -0800, Mark Ivs wrote:
> Neil,
> Thank you for your detailed explanation of why it's
> a very bad idea to sign it using a script.
> I am going to present the concerns to people involved
> and let them be fully aware of the risks. My guess is
> they are going to tell our customer that since this is
> an automated process, we can only encrypt it but not
> encrypt & sign.
> 
> Earlier, I was thinking auto signing files was
> possible in a secure way after reading the
> documentation in the link below.
> http://www.gnupg.org/(en)/documentation/faqs.html#q4.14
> Is that FAQ question about auto-signing keys or
> auto-signing files? Can you please clarify?
> 
> > If you want to 
> > sign automatically, use a non-personal key that
> > doesn't have ANY passphrase set.
> What does that mean?
> 
> > 2. as a script - in which case use a separate key
> > and advise your customer 
> > that the signature is worse than useless should your
> > machine be compromised. 
> Now that I understand the risks involved, I wouldn't
> use a script to auto sign files.
> But still I am curious to know how you would do it.

Hold on here... this is getting a little hysterical.

There is nothing at all wrong with signing from a script, automated
signing, or any variation thereof.  Just like any signing, the crucial
bit is to understand what you are doing, and why, and what the risks
are.  Once you have that understanding, determine if the risks are
acceptable to you or not.  Just as it is a mistake to relax your guard
too much, it is also a mistake to be so secure that you can't actually
get your work done.

The risks of automated signing are mainly that someone may break into
your machine and steal your key.  They can then use this signature in
various ways to impersonate the script that is making the signatures.
Take a moment to think about why you want the setup you describe, and
what would happen if the key was stolen.  Remember that once the
message leaves your unattended signing machine it is identical to the
message that would leave the machine if you had 50 armed police
officers guarding you as you typed in your 4-paragraph passphrase.

David


