gpg over ssh...

Gerhard Siegesmund jerri at jerri.de
Sun Mar 20 12:03:59 CET 2005


Hello John

> Have you considered copying the encrypted file with scp, then opening an
> ssh shell to decrypt & run?

Yes. As noted in my email this surely is one possibility. But this means
I have to copy the encrypted file to my home-server, decrypt it there
and then copy it back unencrypted to the work-server. After using the
data in the unencrypted file I must not forget to delete the file
afterwards.

And you can't implement this simply in a script. With the piping this
would simplify the whole process a lot.

Maybe if I tell what I want to do, this might simplify the answer. :)

I have a small script, which creates all of my rc-files I normally use.
As some of the rc-files (like e.g. .muttrc) differ from server to
server, I created template files which are filled by that mentioned
script with the correct information to run as they should. Using darcs
as revision control system I am able to always pull and push the newest
versions of the configuration-files to/from all of the servers I am
working at. Running update-configuration.sh at the server I get the
newest and best configurations I am using right now (this is really
great with vimrc, as I have some configurations in there which help my
workflow a lot).

Now comes the problematic part, which bites me a little bit. As I have
all of the configuration files always on all servers (I have all of the
different config-data in the repository too), if I have to add a
password to a rc-file (like muttrc) all of my passwords for all servers
are in this repository. Not a good idea and I am somehow nervous about
this.

The great idea now was to put all of the sensitive data into an
encrypted file, decryptable only with my private key. But now comes the
misery. How to decrypt that file during update-configuration.sh without
copying my private key to all of the servers I am using this script on?

I just remembered that symmetric encryption could solve the problem. But
then I would have to have gpg installed on all servers (which might not
be that big a problem).

So. Is this piping at all doable, or should I use symmetric encryption
with a good passphrase?

-- 
cu
  --== Jerri ==--
Homepage: http://www.jerri.de/   ICQ: 54160208
Public PGP Key: http://www.jerri.de/jerris_public_key.asc
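
The following is an added example, not part of the original message or of Jerri's script: one way a step in update-configuration.sh could fill a template from the encrypted file through a pipe, so that no unencrypted copy of the secrets has to be deleted afterwards. The `@NAME@` placeholder syntax, the `NAME=value` secrets format, the function names and the `DECRYPT_CMD` default are assumptions; any command that prints the plaintext on stdout can be substituted.

```shell
#!/bin/sh
# Added example, not from the original post. Assumptions: templates mark
# secrets as @NAME@, the decrypted file holds NAME=value lines, and
# DECRYPT_CMD (assumed default below) prints that plaintext on stdout.
: "${DECRYPT_CMD:=gpg --quiet --decrypt}"

# fill_template TEMPLATE: read NAME=value lines on stdin, print TEMPLATE
# with each @NAME@ replaced literally; exit 1 if a secret is missing.
fill_template() {
    TMPL="$1" awk '
    {   # stdin: split on the first "=" only, values may contain "="
        eq = index($0, "=")
        if (eq > 1) secret[substr($0, 1, eq - 1)] = substr($0, eq + 1)
    }
    END {
        status = 0
        while ((r = (getline line < ENVIRON["TMPL"])) > 0) {
            out = ""
            while (match(line, /@[A-Z_][A-Z0-9_]*@/)) {
                name = substr(line, RSTART + 1, RLENGTH - 2)
                if (name in secret) {
                    val = secret[name]
                } else {            # keep the marker, report, fail later
                    val = substr(line, RSTART, RLENGTH)
                    print "missing secret: " name | "cat 1>&2"
                    status = 1
                }
                out = out substr(line, 1, RSTART - 1) val
                line = substr(line, RSTART + RLENGTH)
            }
            print out line
        }
        if (r < 0) status = 1       # template unreadable
        exit status
    }'
}

# render_rc ENCRYPTED TEMPLATE TARGET: decrypt into a pipe only, so the
# plaintext secrets file never exists on disk. A failed decrypt leaves the
# placeholders of a template unfilled, which fill_template reports.
render_rc() (
    umask 077                       # TARGET contains passwords
    tmp="$3.tmp.$$"
    if $DECRYPT_CMD "$1" | fill_template "$2" > "$tmp"; then
        mv "$tmp" "$3"
    else
        rm -f "$tmp"
        exit 1
    fi
)
```

The rendered rc file still contains the password in clear text, as any muttrc with a password does, which is why it is written with owner-only permissions.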