gpg over ssh...

Gerhard Siegesmund jerri at jerri.de
Sun Mar 20 10:09:52 CET 2005


Hello List

I don't know whether this is a dumb thing to do, but I had the
following idea, which I unfortunately didn't get to work.

I am working on Linux (Debian) with gpg (GnuPG) 1.4.0.

Say I have an encrypted file somewhere on a server on the net.
Naturally I don't have my private key on that "unsafe" server. I want
to use the output of the encrypted file in a pipe to do something with
it.

I don't like the idea of sending the encrypted file back to my home server
to decrypt it there and then sending the decrypted file back to the
work server. Although this would work, I would have to remember to remove
the decrypted file after the action.

My idea was to do something like the following:

cat encrypted_file.gpg | ssh me@my.home.server gpg --decrypt | do_something.sh

I don't want to do this automatically! Interactively is great, as this
secures my private key with two passwords: the ssh password and the
gpg passphrase.

Unfortunately this doesn't work.

The obvious fix seems to be

cat encrypted_file.gpg | ssh -tt me@my.home.server gpg --decrypt | do_something.sh

which doesn't work either.

So, does this approach sound right to you? How about security
(apart from the point that my home server is available from the net,
which I know lowers my security a lot; I hope my password is good
enough)? Is this possible at all?

My main point is to hold the private key on one server and not copy it
all over the internet.

-- 
cu
  --== Jerri ==--
Homepage: http://www.jerri.de/   ICQ: 54160208
Public PGP Key: http://www.jerri.de/jerris_public_key.asc