scripting gpg
Jerome Baum
jerome at jeromebaum.com
Thu May 5 02:44:14 CEST 2011
On Thu, May 5, 2011 at 02:19, Jon Drukman <jsd at cluttered.com> wrote:
> putenv('HOME=/tmp/gpg');
> @mkdir('/tmp/gpg');
>
At this point, you should be watching carefully. What if another user has
created this directory to spoof the key?
Use the appropriate command for creating a unique temporary directory.
Should be mktemp or similar.
> system("/usr/bin/gpg --batch --yes --import /sites/config/public_key.asc");
> system("/usr/bin/gpg --batch --yes --no-ask-cert-level --trust-model always
> --output $filename.gpg --encrypt --recipient $recipient $filename >
> /tmp/gpg.log
> 2>&1");
Again, what if the keyring is already in place? Could even be yourself --
you create the keyring once, import the public key at the time, then later
update the public key and import again -- now, which key to use?
--
Jerome Baum
tel +49-1578-8434336
email jerome at jeromebaum.com
--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
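
The two points raised in this message (a unique temporary directory from mktemp, and a keyring that cannot already hold an older key), sketched as a shell example. This is an added example, not code from the thread; the function names and the `gpg-home.XXXXXXXXXX` template are assumptions.

```shell
#!/bin/sh
# Added example, not from the original thread. Function names are hypothetical.

# Create a unique, private GnuPG home directory. mktemp -d fails if it cannot
# create a new directory, so one planted in advance by another user is never reused.
make_gnupg_home() {
    (umask 077 && mktemp -d "${TMPDIR:-/tmp}/gpg-home.XXXXXXXXXX")
}

# Print the primary-key fingerprints in the keyring under homedir $1.
# In --with-colons output, the first "fpr" record after "pub" is the primary key.
primary_fingerprints() {
    gpg --homedir "$1" --batch --with-colons --fingerprint 2>/dev/null |
        awk -F: '$1 == "pub" { want = 1 } $1 == "fpr" && want { print $10; want = 0 }'
}

# encrypt_to_key KEYFILE INFILE OUTFILE
# Imports KEYFILE into a brand-new keyring and encrypts to exactly that key.
encrypt_to_key() {
    home=$(make_gnupg_home) || return 1
    status=1
    if gpg --homedir "$home" --batch --quiet --import "$1"; then
        fprs=$(primary_fingerprints "$home")
        # The keyring is new, so it must hold exactly one key. Anything else
        # means the key file is not what we expect; refuse rather than guess.
        if [ "$(printf '%s\n' "$fprs" | grep -c .)" -eq 1 ]; then
            # --trust-model always (as in the quoted command) is confined to a
            # throwaway keyring that holds only the key imported above.
            gpg --homedir "$home" --batch --yes --trust-model always \
                --output "$3" --encrypt --recipient "$fprs" "$2"
            status=$?
        else
            echo "expected exactly one public key in $1" >&2
        fi
    fi
    rm -rf "$home"
    return "$status"
}
```

Selecting the recipient by the fingerprint read back from the fresh keyring removes the "which key to use?" ambiguity, since no earlier import can be present.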