Automated processes

John M Church at
Fri Apr 7 21:56:05 CEST 2006

Not sure if "mask the passphrase in a non-obvious way" does justice to 
encrypting it with a filter and strong algorithm - ref. 
<>.  Were you 
thinking I was only hiding it in clear text? 

In any event, I agree with you - access to my script should be extremely 
limited both from a permissions standpoint and location (firewall).


Qed wrote:

>Hash: RIPEMD160
>On 04/07/2006 04:16 PM, John M Church wrote:
>>I think it's simplistic to just brush-off this request as a user who
>>wants convenience.  There are very valid reasons for automated
>>decryption.  I'm working a similar project (and have my own issue - see
>>"Automated Decryption via Script Running Setuid" written 4/5/06).  Seems
>>to me if you protect your script and you are behind a firewall you're
>>not 'trading security for convenience'.
>>You can even encrypt the passphrase in your script if you're afraid
>>someone with sudo or root priveldges could open your script.
>If you encrypt the passphrase in your script you still need a secure way
>to provide the key to decrypt it, same problem as providing the passphrase.
>Instead, if you meant "mask the passphrase in a non obvious way",
>this solution offer no additional security, since that could be easily
>reversed having access to the script.
>- --
>  Q.E.D.
>ICQ UIN: 301825501
>OpenPGP key ID: 0x58D14EB3
>Key fingerprint: 00B9 3E17 630F F2A7 FF96  DA6B AEE0 EC27 58D1 4EB3
>Check fingerprints before trusting a key!
>Version: GnuPG v1.4.2.2 (GNU/Linux)
>Gnupg-users mailing list
>Gnupg-users at

More information about the Gnupg-users mailing list