auto sign files

Adam Cripps kabads at gmail.com
Tue Jan 18 10:08:55 CET 2005


On Sun, 16 Jan 2005 16:11:50 -0500, David Shaw <dshaw at jabberwocky.com> wrote:
> On Sun, Jan 16, 2005 at 10:06:44AM -0800, Mark Ivs wrote:
> > Neil,
> > Thank you for your detailed explanation of why it's
> > a very bad idea to sign it using a script.
> > I am going to present the concerns to people involved
> > and let them be fully aware of the risks. My guess is
> > they are going to tell our customer that since this is
> > an automated process, we can only encrypt it but not
> > encrypt & sign.
> >
> > Earlier, I was thinking auto signing files was
> > possible in a secure way after reading the
> > documentation in the link below.
> > http://www.gnupg.org/(en)/documentation/faqs.html#q4.14
> > Is that FAQ question about auto-signing keys or
> > auto-signing files? Can you please clarify?
> >
> > > If you want to
> > > sign automatically, use a non-personal key that
> > > doesn't have ANY passphrase set.
> > What does that mean?
> >
> > > 2. as a script - in which case use a separate key
> > > and advise your customer
> > > that the signature is worse than useless should your
> > > machine be compromised.
> > Now that I understand the risks involved, I wouldn't
> > use a script to auto sign files.
> > But still I am curious to know how you would do it.
> 
> Hold on here... this is getting a little hysterical.
> 
> There is nothing at all wrong with signing from a script, automated
> signing, or any variation thereof.  Just like any signing, the crucial
> bit is to understand what you are doing, and why, and what the risks
> are.  Once you have that understanding, determine if the risks are
> acceptable to you or not.  Just as it is a mistake to relax your guard
> too much, it is also a mistake to be so secure that you can't actually
> get your work done.
> 
> The risks of automated signing are mainly that someone may break into
> your machine and steal your key.  They can then use this signature in
> various ways to impersonate the script that is making the signatures.
> Take a moment to think about why you want the setup you describe, and
> what would happen if the key was stolen.  Remember that once the
> message leaves your unattended signing machine it is identical to the
> message that would leave the machine if you had 50 armed police
> officers guarding you as you typed in your 4-paragraph passphrase.
> 
> David
> 

As a newbie in this area, I understand that there are at least two
types of security - the most desirable security and more secure than
now. This scenario fits into the latter.

Sure, automated signing is not desirable as it still has flaws within
it if someone cracks your machine. But the alternative may be sending
out unsigned files, which is even less secure (assuming that they have
still broken into your machine). Done properly, the automated signing
can add another layer of security that needs to be cracked. Does this
sound reasonable?

Adam
-- 
http://www.monkeez.org
GPG key: 7111B833
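The setup the thread discusses (a separate, non-personal key with no passphrase, used by an unattended script to produce detached signatures that the customer can verify), as an added example that is not part of this thread or of GnuPG's own documentation. It assumes GnuPG 2.1 or later; the user id, paths and file contents are constructed for the demo.

```sh
#!/bin/sh
# Added example: unattended detached signing with a dedicated key that has
# no passphrase, kept in its own GNUPGHOME. All names are constructed.
set -eu
# Create an isolated keyring for the signing robot. The personal key never
# lives on the unattended machine; only this disposable key does.
setup_signing_home() {
    home="$1"
    mkdir -p "$home"
    chmod 700 "$home"                       # gpg refuses a world-readable home
    # Empty passphrase: the key is protected only by the host's file
    # permissions, which is exactly the risk discussed in the thread.
    gpg --homedir "$home" --batch --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "Build Robot (constructed) <robot@example.invalid>" \
        ed25519 sign 1y >/dev/null 2>&1
}

# Detached, ASCII-armoured signature written next to the file.
sign_file() {
    home="$1"; file="$2"
    gpg --homedir "$home" --batch --yes --armor --detach-sign \
        --output "$file.asc" "$file" >/dev/null 2>&1
}

# Succeeds only if the signature matches the current file content.
verify_file() {
    home="$1"; file="$2"
    gpg --homedir "$home" --batch --verify "$file.asc" "$file" >/dev/null 2>&1
}

# End-to-end run: sign a nightly export, verify it, then show that any
# change after signing is caught by the recipient's verification.
demo() {
    work=$(mktemp -d)
    setup_signing_home "$work/robot-gnupg"
    printf 'nightly export, constructed sample\n' > "$work/export.csv"
    sign_file "$work/robot-gnupg" "$work/export.csv"
    verify_file "$work/robot-gnupg" "$work/export.csv" || return 1
    echo "signature OK"
    printf 'tampered\n' >> "$work/export.csv"
    if verify_file "$work/robot-gnupg" "$work/export.csv"; then
        echo "BUG: tampered file verified"; return 1
    fi
    echo "tampering detected"
    gpgconf --homedir "$work/robot-gnupg" --kill all >/dev/null 2>&1 || true
    rm -rf "$work"
}

if command -v gpg >/dev/null 2>&1; then demo; else echo "gpg not installed"; fi
```

The recipient verifies with the robot's public key only; if the signing host is compromised, that key must be revoked and every signature made after the compromise treated as untrusted, which is the trade-off David describes.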