antony at blazrsoft.com
Sat Feb 21 19:07:38 CET 2015
-----BEGIN PGP SIGNED MESSAGE-----
On 2/21/2015 11:42 AM, Daniele Nicolodi wrote:
> On 18/02/15 19:46, Daniele Nicolodi wrote:
>> I have an automated process that collects some data and unattended sends
>> it via email. I want that data to be encrypted and signed. The
>> encryption part is easy as it requires only public keys of the
>> recipients. Signing, however, requires making the private key used
>> available to the process.
>> I have a sufficient trust in the security of the server where the
>> automated process runs, but I would like to reduce to a minimum the risks.
>> What are the best practices in such cases? I can imagine several
>> possible options: using a subkey of my key (is it possible to remove
>> passphrase protection from a subkey?), using a dedicated key, using a
>> subkey of a dedicated key and periodically rotate such subkey.
> I haven't received any comment on this. Is it because the question is
> too dummy, I'm being too naive, or the context is not explained with
> sufficient detail?
> Thanks for your attention :)
I'm no expert on the subject, but it seems the simplest and safest
solution would be to use a subkey of a dedicated key and rotate it
periodically if you're concerned about the key being compromised,
especially since the key will not be password protected. I could be
horribly wrong, but that's my two cents on it.
Key ID: 0x4F040744
Fingerprint: FE96 5B7F A708 18D3 B74B 959F A6E1 6242 4F04 0744
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-----END PGP SIGNATURE-----
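
Added example, not part of the original message or of the GnuPG project: one way to set up the "subkey of a dedicated key" arrangement suggested above, so that the server keyring holds only an expiring signing subkey and never the primary secret key. It assumes GnuPG 2.2 or later; the keyring directories, user ID and lifetime are constructed placeholders, and an empty passphrase is used throughout so the script runs unattended.

```shell
#!/bin/sh
# Added example: dedicated key whose primary secret key stays off the server.
# Keyring paths, user ID and lifetime are placeholders supplied by the caller.

# Run gpg non-interactively against one keyring ($1 = homedir).
g() {
    home=$1; shift
    gpg --homedir "$home" --batch --quiet \
        --pinentry-mode loopback --passphrase '' "$@"
}

# $1 admin keyring (kept off the server), $2 server keyring,
# $3 user ID, $4 subkey lifetime such as 3m.
# Prints the fingerprint of the dedicated primary key.
provision_signing_subkey() {
    # Certify-only primary key: it can vouch for subkeys but is not used
    # to sign data itself.
    g "$1" --quick-generate-key "$3" ed25519 cert never || return 1
    fpr=$(g "$1" --with-colons --list-keys "$3" |
          awk -F: '$1 == "fpr" { print $10; exit }')
    # Signing subkey with a limited lifetime. Rotation means repeating this
    # step and the export below before the current subkey expires.
    g "$1" --quick-add-key "$fpr" ed25519 sign "$4" || return 1
    # --export-secret-subkeys replaces the primary secret key with a stub,
    # so the server receives only the subkey's secret material.
    g "$1" --export-secret-subkeys "$fpr" | g "$2" --import || return 1
    echo "$fpr"
}

# Report what secret material keyring $1 holds: "sec:#" means the primary
# secret key is absent (stub only), "+" means the secret key is present.
secret_material() {
    g "$1" --with-colons --list-secret-keys |
        awk -F: '$1 == "sec" || $1 == "ssb" { print $1 ":" $15 }'
}
```

If the server is compromised, only the subkey needs to be revoked or left to expire; the primary key and its identity remain usable from the admin keyring.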