Automate decryption
David Shaw
dshaw at jabberwocky.com
Sat Aug 30 04:18:58 CEST 2008
On Aug 29, 2008, at 1:22 PM, Duwaine Robinson wrote:

> That exactly is my problem because I don't want my passphrase to be
> accessible.

That makes things difficult. You basically have two choices: One,
store your passphrase on disk (or just use no passphrase at all).
Two, have something that prompts for your passphrase at boot time and
caches it in memory for you (gpg-agent, or you can roll your own).

One has security problems if someone else can get access to the box,
Two has problems if someone can get access to the box, plus problems
if you have an unexpected reboot (power failure or crash) and a human
isn't around to type in the passphrase.

Many people solve this problem with method One, and then making sure
they lock the box down tightly.

David
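
One way to set up option Two with gpg-agent, plus a check for the unattended-reboot failure mode, as an added example that is not part of the original post. It assumes GnuPG 2.1 or later with `allow-preset-passphrase` in gpg-agent.conf; the function names and sample keygrips are constructed for illustration.

```shell
#!/bin/sh
# Added example: option Two via gpg-agent. Assumes GnuPG 2.1+ and
# "allow-preset-passphrase" set in gpg-agent.conf.

# Keygrips from `gpg --with-colons --with-keygrip -K` output on stdin.
keygrips_from_colons() {
    awk -F: '$1 == "grp" && $10 != "" { print $10 }'
}

# Keygrips of passphrase-protected keys that are NOT cached, from
# `gpg-connect-agent 'keyinfo --list' /bye` output on stdin. Line format:
# S KEYINFO <keygrip> <type> <serialno> <idstr> <cached> <protection> ...
uncached_from_keyinfo() {
    awk '$1 == "S" && $2 == "KEYINFO" && $8 == "P" && $7 != "1" { print $3 }'
}

# Constructed sample of agent output (keygrips are made up).
SAMPLE_KEYINFO='S KEYINFO 0123456789ABCDEF0123456789ABCDEF01234567 D - - 1 P - - -
S KEYINFO 89ABCDEF0123456789ABCDEF0123456789ABCDEF D - - - P - - -
S KEYINFO FEDCBA9876543210FEDCBA9876543210FEDCBA98 D - - - C - - -
OK'

# Run by a human after boot: prompt once, seed the agent cache for every key.
preset_all() {
    preset_bin="$(gpgconf --list-dirs libexecdir)/gpg-preset-passphrase"
    trap 'stty echo' INT TERM
    printf 'Passphrase: ' >&2
    stty -echo; IFS= read -r pass; stty echo; printf '\n' >&2
    gpg --batch --with-colons --with-keygrip -K | keygrips_from_colons |
    while read -r grip; do
        printf '%s\n' "$pass" | "$preset_bin" --preset "$grip"
    done
    unset pass
}

# Run from cron/monitoring: fail when a reboot has emptied the cache.
check_cached() {
    missing="$(gpg-connect-agent 'keyinfo --list' /bye | uncached_from_keyinfo)"
    [ -z "$missing" ] && return 0
    printf 'passphrase not cached for keygrip %s\n' $missing >&2
    return 1
}

case "${1:-}" in
    preset) preset_all ;;
    check)  check_cached ;;
    demo)   printf '%s\n' "$SAMPLE_KEYINFO" | uncached_from_keyinfo ;;
esac
```

Run it with `preset` from a terminal after each boot and with `check` from monitoring; the passphrase lives only in the agent's memory, so anyone who can act as that user on the box can still use the key while it is cached.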