auto sign files

Jeff Fisher jeff+gnupg at
Wed Jan 19 09:24:21 CET 2005

Hash: SHA256

On Tue, Jan 18, 2005 at 10:48:14PM +0000, Neil Williams wrote:
> On Tuesday 18 January 2005 8:05 pm, Jeff Fisher wrote:
> > It is encrypted before it leaves the machine,
> The original case was a file on a remote machine. 

Actually the original post didn't state anything about the file, only that he
wants to sign them automatically.  Nothing about where they came from or where
they are going.  I probably went too far in assuming that he was sending them

> > and  
> > you can guarantee that it was either signed by the script, or signed by
> > someone who broke into the machine. If it's the latter case, all bets are
> > off,
> Exactly. The recipient cannot tell if the machine has been compromised (the 
> signature on an attacker's file would validate as well as an original file 
> because the attacker can use the script).

But this is the general case.  It's irrelevant whether the machine is private
or not, whether it is automated or not.  If the machine holding the private
keys is comprimised, the signatures are suspect.  There are any number of key
loggers for NT/XP, builtin tty snoop programs for unix, etc...  The only risk
this particular usage adds is _authorized users_ of this machine.  If user x's
machine is comprimised, it makes no difference if he has a three paragraph
pass phrase, or if he is incredibly prudent in what he signs; his key is no
longer secure and all signatures verified after this are suspect.

> > As Adam said... This is more secure than the alternative.  If the machine
> > is compromised, the key is comprimised, whether or not somebody is typing
> > in the passphrase manually.
> Important distinction here. If the key is only ever kept on a private machine, 

If this is a corporate environment, there are no private machines.  If the
machines are not managed by some sort of administration group, then there will
be many more security problems than verifying these files...

> > Just a general impression -- I get the feeling you are trying to scare
> > newbies away, rather than help them start using gnupg. Not everybody can 
> > or will use gnupg to your standards, and if you say "It's my way or the
> > hiway", you won't get many converts.
> Never the intention, but those who ask about using a security program should 
> be able to get a response from those who have higher security needs. It 
> doesn't hurt to make the dangers known.

The problem is that you said this is less secure, without knowing the original
posters requirements.  It's like watching a Michael Moore film or a George
Bush speech.  When presented with half the facts and lots of opinion, with no
distinction between the two, people are not going to make good decisions.

- -- 
jeff at        
Prof:    So the American government went to IBM to come up with a data
         encryption standard and they came up with ...
Student: EBCDIC!


More information about the Gnupg-users mailing list