Unattended signing

Ingo Klöcker kloecker at kde.org
Tue Feb 24 21:25:17 CET 2015

On Tuesday 24 February 2015 01:36:25 Daniele Nicolodi wrote:
> Hello Daniel,
> thanks for your reply.
> On 21/02/15 20:11, Daniel Kahn Gillmor wrote:
> > On Wed 2015-02-18 13:46:19 -0500, Daniele Nicolodi wrote:
> >> I have a sufficient trust in the security of the server where the
> >> automated process runs, but I would like to reduce to a minimum the
> >> risks.
> > 
> > there are risks with unattended signing in general, related to what
> > messages you allow to get passed to your system.  I'm sure you've
> > already thought about this, but i'll just put it out there in case
> > someone else reading this later hasn't thought about it enough.
> I was not very clear on this: the unattended signing is performed by an
> application that collects some sensible data and sends them by email
> encrypted and signed.

I can understand that you want to encrypt the sensible data. But why do you 
want to sign it?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20150224/3320f1f9/attachment.sig>

More information about the Gnupg-users mailing list