auto sign files

Jeff Fisher jeff+gnupg at
Tue Jan 18 21:05:03 CET 2005

On Tue, Jan 18, 2005 at 12:33:18PM +0000, Neil Williams wrote:
> On Tuesday 18 January 2005 9:08 am, Adam Cripps wrote:
> > As a newbie in this area, I understand that there are at least two
> > types of security - the most desirable security and more secure than
> > now. This scenario fits in to the latter.
> Wrong - it falls into the security trap of being LESS secure than current.

How is it less secure?  It is encrypted before it leaves the machine, and you
can guarantee that it was either signed by the script, or signed by someone
who broke into the machine. If it's the latter case, all bets are off, because
they could steal your private key and passphrase at will anyway, even if
you're using pgp off of a usb key and following all of the other recommended

> > Sure, automated signing is not desirable as it still has flaws within
> > it if someone cracks your machine. But the alternative may be sending
> > out unsigned files, which is even less secure
> No, it's to send signed files that are copied in to place from a private 
> machine.
> Keep private keys on private machines.

I believe the original problem was to automate this.  If you've never managed
a production environment, automation means no private machines.

As Adam said... This is more secure than the alternative.  If the machine is
compromised, the key is compromised, whether or not somebody is typing in the
passphrase manually.  With automation, the only added risk is opening this to
the authorized administrators of the machine, who would have the passphrase
anyway.  Perhaps the machine will be a bit more open, but if it's compromised,
the data that is being encrypted is compromised anyway, regardless of

To digress a bit, there is a concept in the real world called 'good enough'.
It means that most companies' security is not as tight as what is needed for
the banking industry, which is not as tight as what is needed for the
military, which is not as tight as what is needed for three-letter-agencies.
Pick your spot in this scale, but don't force others to work up or down to
this same level.  

Just a general impression -- I get the feeling you are trying to scare newbies
away, rather than help them start using gnupg.  Not everybody can or will use
gnupg to your standards, and if you say "It's my way or the highway", you won't
get many converts. 

-- 
jeff at        
I want a bionic duck that strikes terror into the hearts of men, not a
bionic duck that looks like a lollipop.
                                -- Defect, found on kuro5hin

