auto sign files

David Shaw dshaw at jabberwocky.com
Tue Jan 18 20:21:15 CET 2005


On Tue, Jan 18, 2005 at 09:08:55AM +0000, Adam Cripps wrote:

> As a newbie in this area, I understand that there are at least two
> types of security - the most desirable security and more secure than
> now. This scenario fits into the latter.
> 
> Sure, automated signing is not desirable as it still has flaws
> within it if someone cracks your machine. But the alternative may be
> sending out unsigned files, which is even less secure (assuming that
> they have still broken into your machine). Done properly, the
> automated signing can add another layer of security that needs to be
> cracked. Does this sound reasonable?

Pretty much.  It depends on the overall system in which the signature
is being used.  There aren't any hard and fast rules, except that you
must look at the whole system and not just a part.  For example, in
the automated signing example, the recipient is part of the system,
and therefore needs to know that the signatures are being issued by a
machine.  The recipient can then decide what necessary countermeasures
(if any) are warranted against the chance of a compromised key.

David



More information about the Gnupg-users mailing list