Possible to pass the private key?

Greg Motter greg_motter at hotmail.com
Thu Aug 23 20:40:20 CEST 2007


Hello all,

I have a couple of questions about how to handle the private key on a
server. The company I'm working with is working with a consultant who said
the following:

"GNUPG has a keyring just like PGP. The private keys on that keyring need to
be controlled and not just left in the keyring file. If it's an automated
process to encrypt the flat files then you should compile the program doing
it with the private key. If it's a manual process, the private key needs to
be kept with someone off the server."

First off, from what I've read, it sounds like private keys are not kept in
the keyring, but rather in their own file that is then encrypted
symmetrically using the passphrase?

Secondly is it possible to do what he is asking? Is it possible to pass in
the private key through gpg command? 

Next, if I could pass in the private key through the program itself, and
then secure the source code, would the private key likely be more at risk in
the object code, since it would not truly be encrypted at that point?

Basically what we are trying to do is encrypt flat text files that will be
on our server at rest. I'll be creating a subroutine to handle all of the
gpg goodness in the background. But we're still trying to work out the best
way that these files would be secure.

Obviously if we leave the private key out there, then any user who had
access to gpg would have access to the key, although not to the passphrase.

Is there some better way?

Thanks,

Greg Motter

-- 
View this message in context: http://www.nabble.com/Possible-to-pass-the-private-key--tf4319226.html#a12299545
Sent from the GnuPG - User mailing list archive at Nabble.com.
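Added example, not part of the original post or of GnuPG itself: the file-at-rest
scenario described above only needs the public key on the server, so the private
key never has to be "passed in" to anything there. The script below keeps the
secret key in a separate GNUPGHOME standing in for the key holder's offline
machine, provisions the server's GNUPGHOME with the exported public key only,
encrypts a constructed flat file there, and then shows that the server homedir
cannot decrypt it while the offline homedir can. It assumes gpg 2.1 or later
(for the %no-protection keyword in batch key generation); the directory layout,
the user ID archiver@example.invalid and the sample CSV are invented for the demo.

```shell
#!/bin/sh
# Added example (not from the original post or the GnuPG project):
# encrypt-at-rest where only the PUBLIC key lives on the server homedir.
# The "offline" homedir stands in for the key holder's workstation.
# User ID, directory names and sample data are constructed for the demo.
set -e

UID_EMAIL="archiver@example.invalid"   # assumed user ID, not from the post

# Unattended key generation into the offline homedir ($1). No passphrase
# here only so the demo runs non-interactively; %no-protection needs gpg 2.1+.
gen_offline_key() {
  gpg --homedir "$1" --batch --gen-key <<'EOF'
%no-protection
Key-Type: RSA
Key-Length: 2048
Key-Usage: sign
Subkey-Type: RSA
Subkey-Length: 2048
Subkey-Usage: encrypt
Name-Real: Flatfile Archiver
Name-Email: archiver@example.invalid
Expire-Date: 0
%commit
EOF
}

# Export ONLY the public key from the offline homedir ($1) and import it
# into the server homedir ($2). No --export-secret-keys anywhere.
provision_server_pubkey() {
  gpg --homedir "$1" --batch --export "$UID_EMAIL" \
    | gpg --homedir "$2" --batch --import
}

# Encrypt plaintext $2 to ciphertext $3 using the server homedir $1.
# --trust-model always: a freshly imported key has no trust path, and in
# --batch mode gpg would otherwise refuse to encrypt to it.
encrypt_on_server() {
  gpg --homedir "$1" --batch --yes --trust-model always \
      --recipient "$UID_EMAIL" --output "$3" --encrypt "$2"
}

# Return 0 if homedir $1 holds a secret key able to decrypt $2, else non-zero.
can_decrypt() {
  gpg --homedir "$1" --batch --quiet --decrypt "$2" >/dev/null 2>&1
}

# Stop the per-homedir gpg-agent that gpg 2.1+ auto-launches.
kill_agent() {
  command -v gpgconf >/dev/null 2>&1 \
    && gpgconf --homedir "$1" --kill gpg-agent >/dev/null 2>&1 || true
}

# Whole flow. Prints "server:cannot-decrypt offline:ok" and returns 0 when
# the split-key setup behaves as intended.
demo_split_keys() {
  work=$(mktemp -d)
  offline="$work/offline"; server="$work/server"
  mkdir -m 700 "$offline" "$server"

  gen_offline_key "$offline" >/dev/null 2>&1
  provision_server_pubkey "$offline" "$server" >/dev/null 2>&1

  printf 'id,balance\n1,100\n2,250\n' > "$work/flat.txt"   # constructed data
  encrypt_on_server "$server" "$work/flat.txt" "$work/flat.txt.gpg"
  rm "$work/flat.txt"                                      # only ciphertext stays at rest

  if can_decrypt "$server" "$work/flat.txt.gpg"; then
    result="server:CAN-decrypt"
  else
    result="server:cannot-decrypt"
  fi
  if can_decrypt "$offline" "$work/flat.txt.gpg"; then
    result="$result offline:ok"
  else
    result="$result offline:FAIL"
  fi

  kill_agent "$offline"; kill_agent "$server"
  rm -rf "$work"
  printf '%s\n' "$result"
  [ "$result" = "server:cannot-decrypt offline:ok" ]
}

# Usage: . ./split_keys.sh && demo_split_keys
```

The point the script makes is that "pass in the private key" is the wrong
question for encryption at rest: encryption needs only the recipient's public
key, so an automated job on the server can run with a keyring that contains
nothing secret, and the private key (with its passphrase) stays with whoever
must read the files later. Anyone with shell access to the server can still
encrypt new files, but cannot decrypt existing ones. For reference, gpg 2.1 and
later store secret keys under private-keys-v1.d in the homedir, encrypted with
the passphrase, rather than in the public keyring file.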