auto sign files

Jeff Fisher jeff+gnupg at jeffenstein.dyndns.org
Tue Jan 18 21:05:03 CET 2005


On Tue, Jan 18, 2005 at 12:33:18PM +0000, Neil Williams wrote:
> On Tuesday 18 January 2005 9:08 am, Adam Cripps wrote:
> > As a newbie in this area, I understand that there are at least two
> > types of security - the most desirable security and more secure than
> > now. This scenario fits in to the latter.
> 
> Wrong - it falls into the security trap of being LESS secure than current.

How is it less secure?  It is encrypted before it leaves the machine, and you
can guarantee that it was either signed by the script, or signed by someone
who broke into the machine. If it's the latter case, all bets are off, because
they could steal your private key and passphrase at will anyway, even if
you're using pgp off of a usb key and following all of the other recommended
practices.

> 
> > Sure, automated signing is not desirable as it still has flaws within
> > it if someone cracks your machine. But the alternative may be sending
> > out unsigned files, which is even less secure
> 
> No, it's to send signed files that are copied in to place from a private 
> machine.
> 
> Keep private keys on private machines.

I believe the original problem was to automate this.  If you've never managed
a production environment, automation means no private machines.

As Adam said... This is more secure than the alternative.  If the machine is
compromised, the key is compromised, whether or not somebody is typing in the
passphrase manually.  With automation, the only added risk is opening this to
the authorized administrators of the machine, who would have the passphrase
anyway.  Perhaps the machine will be a bit more open, but if it's compromised,
the data that is being encrypted is compromised anyway, regardless of
encryption.

To digress a bit, there is a concept in the real world called 'good enough'.
It means that most companies' security is not as tight as what is needed for
the banking industry, which is not as tight as what is needed for the
military, which is not as tight as what is needed for three-letter-agencies.
Pick your spot in this scale, but don't force others to work up or down to
this same level.  

Just a general impression -- I get the feeling you are trying to scare newbies
away, rather than help them start using gnupg.  Not everybody can or will use
gnupg to your standards, and if you say "It's my way or the highway", you won't
get many converts. 

-- 
jeff at jeffenstein.org                  http://www.jeffenstein.org/
I want a bionic duck that strikes terror into the hearts of men, not a
bionic duck that looks like a lollipop.
                                -- Defect, found on kuro5hin