Unattended signing
Daniele Nicolodi
daniele at grinta.net
Tue Feb 24 01:36:25 CET 2015

Hello Daniel,

thanks for your reply.

On 21/02/15 20:11, Daniel Kahn Gillmor wrote:
> On Wed 2015-02-18 13:46:19 -0500, Daniele Nicolodi wrote:
>> I have a sufficient trust in the security of the server where the
>> automated process runs, but I would like to reduce to a minimum the risks.
>
> there are risks with unattended signing in general, related to what
> messages you allow to get passed to your system. I'm sure you've
> already thought about this, but i'll just put it out there in case
> someone else reading this later hasn't thought about it enough.

I was not very clear on this: the unattended signing is performed by an
application that collects some sensible data and sends them by email
encrypted and signed.

>> What are the best practices in such cases? I can imagine several
>> possible options: using a subkey of my key (is it possible to remove
>> passphrase protection from a subkey?), using a dedicated key, using a
>> subkey of a dedicated key and periodically rotate such subkey.
>
> Using a dedicated key for your system would clearly be better than using
> your own personal key, but i don't know if it meets your other
> requirements (we don't know your requirements for the system).
>
> Using a subkey is a reasonable approach, and rotating (and destroying)
> the secret key of the rotated subkey is not a bad idea.

What exactly do you mean by "destroying"? Isn't setting a suitable
expire date enough?

Thanks. Cheers,
Daniele