gpg over ssh...
Gerhard Siegesmund
jerri at jerri.de
Sun Mar 20 10:09:52 CET 2005
Hello List
I don't know, whether this is a dump thing to do, but I had the
following idea, which I unfortunately didn't get to work.
I am working on linux (debian) with gpg (GnuPG) 1.4.0.
Say, I have a encrypted file somewhere on a server on the net.
Naturally I don't have my private key on that "unsave" server. I want
to use the output of the encrypted file in a pipe to do something with
it.
I don't like the idea to send the encrypted file back to my home-server
to decrypt it there and then send back the decrypted file to the
work-server. Also this would work, I would have to remember to remove
the decrypted file after the action.
My idea was to do something like the following:
cat encrypted_file.gpg | ssh me at my.home.server gpg --decrypt | do_something.sh
I don't want to do this automatically! Interactivly is great, as this
secures my private key with two passwords. The ssh-password and the
gpg-passphrase.
Unfortunatly this doesn't work.
The obvious fix seems to be
cat encrypted_file.gpg | ssh -tt me at my.home.server gpg --decrypt | do_something.sh
which doesn't work either.
So. Does this way sound correctly in your ears? How about security
(apart from the point, that my homeserver is available from the net,
which I know lowers my security a lot. I hope, my password is good
enough.)? Is this at all possible?
My main-point is to hold the private key on one server and not copy it
all over the internet.
--
cu
--== Jerri ==--
Homepage: http://www.jerri.de/ ICQ: 54160208
Public PGP Key: http://www.jerri.de/jerris_public_key.asc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : /pipermail/attachments/20050320/9159b6c7/attachment.pgp
More information about the Gnupg-users
mailing list