auto sign files

Atom Smasher atom at
Thu Jan 20 07:52:42 CET 2005

there seems to be something that's being overlooked in this thread... what 
key is being used to auto-sign with?

i personally have scripts that generate signed files without me typing a 
passphrase (this is facilitated by a key with no passphrase). normally 
this would be considered incredibly stupid, but there's one thing about it 
that makes it OK by my standards: i'm not using *my* key.

sure, i'm using a key that's exclusively under my control, but that key is 
not part of *my* key (0xD9F57808) or the WoT. as a matter of fact, the key 
isn't even distributed publicly. the UID is meaningless to anyone who 
doesn't know what it is, and the key has no third party signatures.

if i have any reason to suspect that an auto-signing key is compromised i 
can replace it with a new key. assuming that the public part of that key 
is only being used by a small group of people it's probably overkill to 
formally revoke it... just replace it.

i would *NEVER* use _my_ key or any subkey for signing on auto-pilot, but 
for a key that's only used for a specific purpose it *can* increase 
overall security... one example is a remote IDS scan that's run from my 
desktop... every night it generates a report for each server that it 
scans, and then emails the report to my mail server. the report then sits 
on my mail server waiting to be read... but what if the mail server is 
hacked? a hacker could change the report before i see it. by auto-signing 
the report on my desktop before mailing it out, i will know immediately if 
the report was altered in any way (after leaving my desktop). IMHO the net 
effect is an increase in security.

and if my desktop is hacked? in that case i would have to consider *my* 
key compromised, strong passphrase and all.

this reminds me of a true story: someone from an unnamed internet bank 
wanted a custom version of the "gpg_encrypt" php script that would add a 
signature to the encrypted email. i tried to explain that it would be 
creating a _sense_ of security, while probably not _actually_ increasing 
security. they insisted that they required the signature. i gave them what 
they wanted, and everything seemed fine on my end but they were having 
problems getting it to work on their end. after a few rounds of tests that 
i had them perform on their server, it turned out that they're running 
their internet bank on a SHARED SERVER that's maintained by their hosting 
company!!! they have *ZERO* control over the administration of the server! 
i tried to explain that this was not only the cause of their problems but 
also HORRIBLY INSECURE, but they just didn't get it. all of the strong 
crypto in the world can't keep their customers' banking information 

-- 

  PGP key -
  762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808

 	"We cannot simply suspend or restrict civil liberties until
 	 the War of Terror is over, because the War on Terror is
 	 unlikely ever to be truly over... September 11, 2001,
 	 already a day of immeasurable tragedy, cannot be the day
 	 liberty perished in this country."
 		-- Judge Gerald Tjoflat, 16 Oct 2004
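
The arrangement described in the message (a passphrase-less key used only for signing reports, kept apart from the personal keyring, with readers holding just its public half) sketched as an added example that is not part of the original post. It assumes GnuPG 2.1 or later; the homedirs, the UID and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: dedicated auto-signing key in its own GnuPG home directory.
# Homedirs, UID and function names are assumptions made for illustration.

# Create a sign-only key with no passphrase in a homedir used for nothing else.
make_autosign_key() {  # $1 = signer homedir, $2 = UID
    gpg --homedir "$1" --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "$2" ed25519 sign never 2>/dev/null
}

# Print the fingerprint of the first key in a homedir.
key_fingerprint() {  # $1 = homedir
    gpg --homedir "$1" --batch --with-colons --fingerprint 2>/dev/null |
        awk -F: '$1 == "fpr" { print $10; exit }'
}

# Copy only the public half into the keyring of whoever reads the reports.
share_public_key() {  # $1 = signer homedir, $2 = reader homedir
    gpg --homedir "$1" --batch --armor --export 2>/dev/null |
        gpg --homedir "$2" --batch --quiet --import 2>/dev/null
}

# Unattended detached signature; writes "$2.asc" next to the report.
sign_report() {  # $1 = signer homedir, $2 = report file
    gpg --homedir "$1" --batch --yes --quiet --armor --detach-sign "$2" 2>/dev/null
}

# Succeeds only if the signature is valid AND was made by the expected key.
verify_report() {  # $1 = reader homedir, $2 = report, $3 = expected fingerprint
    gpg --homedir "$1" --batch --status-fd 1 --verify "$2.asc" "$2" 2>/dev/null |
        grep -q "^\[GNUPG:\] VALIDSIG $3 "
}

demo() {
    signer=$(mktemp -d) reader=$(mktemp -d) report=$(mktemp)
    echo "constructed sample: nightly scan of server1, 0 alerts" > "$report"
    make_autosign_key "$signer" "ids-report-autosign"
    fpr=$(key_fingerprint "$signer")
    share_public_key "$signer" "$reader"
    sign_report "$signer" "$report"
    verify_report "$reader" "$report" "$fpr" && echo "intact: signature OK"
    echo "0 alerts (edited after leaving the desktop)" >> "$report"
    verify_report "$reader" "$report" "$fpr" || echo "altered: signature FAILED"
    gpgconf --homedir "$signer" --kill gpg-agent
    rm -rf "$signer" "$reader" "$report" "$report.asc"
}
if [ "${1:-}" = "demo" ]; then demo; fi
```

Run it with the argument `demo` to see both outcomes. Replacing a suspect key is a matter of deleting the signer homedir, generating a new key and handing the readers the new public half and fingerprint.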


More information about the Gnupg-users mailing list