gpg over ssh...

John Clizbe JPClizbe at comcast.net
Sun Mar 20 11:19:46 CET 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Gerhard Siegesmund wrote:
> Hello List
> 
> I don't know whether this is a dumb thing to do, but I had the
> following idea, which I unfortunately didn't get to work.
> 
> I am working on Linux (Debian) with gpg (GnuPG) 1.4.0.
> 
> Say, I have an encrypted file somewhere on a server on the net.
> Naturally I don't have my private key on that "unsafe" server. I want
> to use the output of the encrypted file in a pipe to do something with
> it.
> 
> I don't like the idea to send the encrypted file back to my home-server
> to decrypt it there and then send back the decrypted file to the
> work-server. Although this would work, I would have to remember to remove
> the decrypted file after the action.
> 
> My idea was to do something like the following:
> 
> cat encrypted_file.gpg | ssh me@my.home.server gpg --decrypt | do_something.sh
> 
> I don't want to do this automatically! Interactively is great, as this
> secures my private key with two passwords. The ssh-password and the
> gpg-passphrase.
> 
> Unfortunately this doesn't work.
> 
> The obvious fix seems to be
> 
> cat encrypted_file.gpg | ssh -tt me@my.home.server gpg --decrypt | do_something.sh
> 
> which doesn't work either.
> 
> So. Does this way sound correct to your ears? How about security
> (apart from the point, that my homeserver is available from the net,
> which I know lowers my security a lot. I hope, my password is good
> enough.)? Is this at all possible?
> 
> My main point is to hold the private key on one server and not copy it
> all over the internet.

Dunno about the piping.

Have you considered copying the encrypted file with scp, then opening an
ssh shell to decrypt & run?
- --
John P. Clizbe                   Inet:   JPClizbe(a)comcast DOT nyet
Golden Bear Networks             PGP/GPG KeyID: 0x608D2A10
"Be who you are and say what you feel because those who mind don't matter
and those who matter don't mind." - Dr Seuss, "Oh the Places You'll Go"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: When cryptography is outlawed, b25seSBvdXRsYXdzIHdpbGwgdXNlIG
Comment: Be part of the £33t ECHELON -- Use Strong Encryption.
Comment: It's YOUR right - for the time being.
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFCPU5BHQSsSmCNKhARAvWwAJ4s9CSt5za//B5K1/Lub+2zb0LloACguTY/
s+17+W9qXwXGxRYSXazQFQk=
=OFTm
-----END PGP SIGNATURE-----


