Automate decryption

David Shaw dshaw at jabberwocky.com
Sat Aug 30 04:18:58 CEST 2008


On Aug 29, 2008, at 1:22 PM, Duwaine Robinson wrote:

> That exactly is my problem because I don't want my passphrase to be
> accessible.

That makes things difficult.  You basically have two choices: One,  
store your passphrase on disk (or just use no passphrase at all).   
Two, have something that prompts for your passphrase at boot time and  
caches it in memory for you (gpg-agent, or you can roll your own).   
One has security problems if someone else can get access to the box,  
Two has problems if someone can get access to the box, plus problems  
if you have an unexpected reboot (power failure or crash) and a human  
isn't around to type in the passphrase.

Many people solve this problem with method One, and then making sure  
they lock the box down tightly.

David
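
Method One from the reply above (passphrase stored on disk, box locked down), as an added example that is not part of the original message: a wrapper that refuses to decrypt unless the passphrase file is a regular file owned by the calling user with no group or other permission bits. The `PASSFILE` path and both function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: unattended decryption with a passphrase file, guarded by a
# permission check. PASSFILE and the function names are hypothetical.

PASSFILE="${PASSFILE:-$HOME/.gnupg/batch-passphrase}"

# Return 0 only if $1 is a regular file (not a symlink), owned by the
# current user, with mode 0600 or 0400.
passfile_is_locked_down() {
    f=$1
    [ -f "$f" ] || return 1
    [ ! -L "$f" ] || return 1
    [ -O "$f" ] || return 1
    # First 10 characters of the ls mode string, e.g. "-rw-------".
    perms=$(ls -ld -- "$f" | cut -c1-10)
    case $perms in
        -r[w-]-------) return 0 ;;
        *) return 1 ;;
    esac
}

# decrypt_unattended <encrypted-file> <output-file>
# Returns 2 without calling gpg if the passphrase file fails the check.
decrypt_unattended() {
    src=$1
    dst=$2
    if ! passfile_is_locked_down "$PASSFILE"; then
        echo "refusing: $PASSFILE is missing or accessible to other users" >&2
        return 2
    fi
    # GnuPG 2.1 and later also need: --pinentry-mode loopback
    gpg --batch --yes --passphrase-file "$PASSFILE" \
        --output "$dst" --decrypt "$src"
}
```

The check only covers file permissions; anyone with root or physical access to the box can still read the file, which is the trade-off the reply describes.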


