Unattended signing

Daniele Nicolodi daniele at grinta.net
Tue Feb 24 01:36:25 CET 2015


Hello Daniel,

thanks for your reply.

On 21/02/15 20:11, Daniel Kahn Gillmor wrote:
> On Wed 2015-02-18 13:46:19 -0500, Daniele Nicolodi wrote:
>> I have a sufficient trust in the security of the server where the
>> automated process runs, but I would like to reduce to a minimum the risks.
> 
> there are risks with unattended signing in general, related to what
> messages you allow to get passed to your system.  I'm sure you've
> already thought about this, but i'll just put it out there in case
> someone else reading this later hasn't thought about it enough.

I was not very clear on this: the unattended signing is performed by an
application that collects some sensitive data and sends them by email
encrypted and signed.

>> What are the best practices in such cases?  I can imagine several
>> possible options: using a subkey of my key (is it possible to remove
>> passphrase protection from a subkey?), using a dedicated key, using a
>> subkey of a dedicated key and periodically rotate such subkey.
> 
> Using a dedicated key for your system would clearly be better than using
> your own personal key, but i don't know if it meets your other
> requirements (we don't know your requirements for the system).
> 
> Using a subkey is a reasonable approach, and rotating (and destroying)
> the secret key of the rotated subkey is not a bad idea.

What exactly do you mean by "destroying"? Isn't setting a suitable
expiry date enough?

Thanks. Cheers,
Daniele



