GnuPG usage for automatic remote decryption

gnupg-users.dirk at o.banes.ch gnupg-users.dirk at o.banes.ch
Thu Apr 5 21:46:25 CEST 2018


Hello Ken,

Basically, what you are trying to achieve is difficult.
I can only comment on " * To encrypt the file by a public key" since
frankly I think the second option does not exist unless you are talking
about symmetrical crypto.

Two points:
    A) You could try to automatically ssh into the remote machine to
trigger decryption and passphrase entry.
    B) You can secure the private key on the remote machine by using a
Secure Element (OpenPGP Card, YubiKey, ...).
        Since the key resides only on the Secure Element and cannot be
exported it is safe from virtual theft - obviously someone can still
steal the key and machine if he has physical access.
        However, an attacker can still use the passphrase to use the
Secure Element on this machine if he gets hold of the passphrase.

regards Dirk

On 05.04.2018 10:50, 周詮儒 wrote:
> Hi,
>
> The situation is that there is a machine on remote. And I want to send
> an encrypted file to that remote machine and let the machine decrypt
> the file automatically. So I'm facing the problem that:
>
>  * To encrypt the file by a public key:
>
>      Which means I have to put a secret key on the remote machine. But
> it is not an ideal solution. Since a secret key needs a passphrase to
> use. Furthermore, a secret key on a remote machine isn't under enough
> protection. That may have some security issues.
>
>  * To encrypt the file by a secret key:
>
>      This can meet my needs. But it seems that GnuPG doesn't support
> the feature for encryption by secret key.
>
> Any suggestion on this situation?
>
> regards,
> Ken
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
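
Option A from the reply, sketched as an added example that is not part of the original thread: the file is encrypted to the remote machine's public key, and decryption is triggered over ssh with the passphrase typed on the operator's side and piped to gpg's stdin. REMOTE, RECIPIENT and all paths are hypothetical placeholders; it assumes GnuPG 2.1 or later and ssh access to the remote account.

```shell
#!/bin/sh
# Added example (not from the thread). Option A: the passphrase is typed on the
# operator's side and piped through ssh, so it is never stored on the remote host.
# REMOTE, RECIPIENT and all paths are hypothetical placeholders.
REMOTE="${REMOTE:-decrypt@remote.example}"
RECIPIENT="${RECIPIENT:-remote-box@example.org}"

# Single-quote a string for the remote shell: ssh joins its arguments and hands
# them to a shell on the far side, so unquoted paths would be re-parsed there.
quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Build the remote gpg command. GnuPG 2.1+ only reads --passphrase-fd in batch
# mode with loopback pinentry. $1 = remote ciphertext, $2 = remote plaintext.
remote_decrypt_cmd() {
    printf 'gpg --batch --yes --pinentry-mode loopback --passphrase-fd 0 --output %s --decrypt %s' \
        "$(quote "$2")" "$(quote "$1")"
}

# $1 = local plaintext file, $2 = plaintext path on the remote machine
send_and_decrypt() {
    enc="$1.gpg"
    # Encrypt to the remote machine's public key; only its secret key can decrypt.
    gpg --batch --yes --recipient "$RECIPIENT" --output "$enc" --encrypt "$1" || return 1
    # Copy the ciphertext over ssh (avoids scp's own remote path handling).
    ssh "$REMOTE" "cat > $(quote "$2.gpg")" < "$enc" || return 1

    # Read the passphrase without echo; restore the terminal if interrupted.
    trap 'stty echo; exit 1' INT TERM
    printf 'Passphrase for the remote key: ' >&2
    stty -echo; IFS= read -r pass; stty echo
    trap - INT TERM
    printf '\n' >&2

    # printf is a shell builtin, so the passphrase does not appear in a process
    # argument list on either machine; it travels inside the ssh channel to
    # gpg's stdin (fd 0).
    printf '%s\n' "$pass" | ssh "$REMOTE" "$(remote_decrypt_cmd "$2.gpg" "$2")"
    status=$?
    unset pass
    return "$status"
}

if [ "$#" -eq 2 ]; then send_and_decrypt "$1" "$2"; fi
```

The secret key still sits on the remote disk in this arrangement; option B in the reply is what addresses that.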
