Unattended signing

Daniele Nicolodi daniele at grinta.net
Wed Feb 18 19:46:19 CET 2015


Hello,

I have a quite simple question on best practice for the use of GPG. I
haven't found an answer searching online. I hope this mailing list is
the right place for asking.

I have an automated process that collects some data and unattended sends
it via email. I want that data to be encrypted and signed. The
encryption part is easy as it requires only public keys of the
recipients. Signing, however, requires making the private key used
available to the process.

I have sufficient trust in the security of the server where the
automated process runs, but I would like to reduce the risks to a minimum.

What are the best practices in such cases? I can imagine several
possible options: using a subkey of my key (is it possible to remove
passphrase protection from a subkey?), using a dedicated key, using a
subkey of a dedicated key and periodically rotating such a subkey.

Ideas? Comments?

Thanks. Cheers,
Daniele


