duplicity-talk

Re: [Duplicity-talk] PASSPHRASE, the environment, memory, etc.


From: Neal Clark
Subject: Re: [Duplicity-talk] PASSPHRASE, the environment, memory, etc.
Date: Fri, 13 Apr 2007 11:51:37 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ah hah! What I think I've settled on is a passphrase-less keypair for signing and a passphrase-d keypair for encrypting, where the private encryption key is nowhere to be found on any of the colocated systems. I guess this doesn't solve the "key tampering" problem but it seems like it would provide some means of integrity checking over "not signing at all."

Also, someone suggested use of ssh-agent at some point in this discussion, a misunderstanding it seems since we were talking about gpg keys. Well, I did some looking around just for fun, and I found out about gpg-agent, which could be used in some fashion to get around my particular concerns, but I think this method above will work.

Thanks a lot Charles and everyone else!

-Neal
--
public key: http://thrownproject.com/8C02CC33.asc


On Apr 13, 2007, at 2:58 AM, Charles Duffy wrote:

> Neal Clark wrote:
>> so I'm not sure how I could specify the --encrypt option to say "use the public key and not the private key and don't ask me for a password." Do I do something on the gpg end, changing the public key's ID somehow or something to that effect (c/f above, only experienced with encrypting e-mails :)
>
> GPG doesn't need the private key to encrypt; it needs the private key to *sign*. So what you lose when you get rid of the private key is the ability to detect whether your backup has been tampered with (but anyone who captures the private key could then tamper with it anyway).
>
> Tell GPG to encrypt without signing, and you should be able to take the private key out of your private keyring. (You'll need to keep it somewhere to be able to do restores, of course).


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)

iD8DBQFGH9E6OUuHw4wCzDMRAgs2AJsGuoIl8mcXd2h3njS68sURKyHH9ACfQtu4
wJA3uVA2ylWjP4OCFflnBLM=
=X4sd
-----END PGP SIGNATURE-----
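The arrangement Neal describes (a passphrase-less signing keypair on the colocated box, a passphrase-protected encryption keypair whose secret half never lives there) can be exercised end to end with plain GnuPG before wiring it into duplicity. The script below is an added example written for this page; it is not code from the thread, from duplicity or from GnuPG. It uses two separate GnuPG home directories to stand in for the admin's machine (OFFLINE) and the server (SERVER); the user IDs, the function names, the sample "volume" and the passphrase are all constructed for the example, and the admin keyring trusts the server's signing key only because it imported that public key itself. It needs gpg 2.1 or later (for --pinentry-mode loopback), awk and cmp.

```shell
#!/bin/sh
# Added example, not code from the thread or from duplicity/GnuPG.
# Two keyrings model the setup Neal settled on: OFFLINE holds the
# passphrase-protected encryption keypair and stays on the admin machine;
# SERVER (the colocated box) holds only an unprotected signing keypair and
# the encryption key's *public* half.  Needs gpg 2.1+, awk and cmp.
set -eu

ENC_PASS='correct horse battery staple'   # constructed passphrase, example only

gen_key() {   # $1 homedir, $2 uid name, $3 key usage, $4 extra batch line
    gpg --homedir "$1" --batch --quiet --pinentry-mode loopback --gen-key <<EOF
Key-Type: RSA
Key-Length: 2048
Key-Usage: $3
Name-Real: $2
Name-Email: $2@example.invalid
Expire-Date: 0
$4
%commit
EOF
}

fpr_of() {    # primary-key fingerprint of the key matching $2 in homedir $1
    gpg --homedir "$1" --with-colons --list-keys "$2" | awk -F: '/^fpr/ {print $10; exit}'
}

# Colocated side: encrypt to the admin's public key and sign with the local
# unprotected key.  No passphrase is needed anywhere on this host.
server_backup() {   # $1 plaintext, $2 ciphertext out
    gpg --homedir "$SERVER" --batch --yes --quiet --trust-model always \
        --local-user "$SIGN_FPR" --recipient "$ENC_FPR" \
        --sign --encrypt --output "$2" "$1"
}

# The colocated box has no decryption key, so this must fail (non-zero).
server_can_decrypt() {   # $1 ciphertext
    gpg --homedir "$SERVER" --batch --quiet --decrypt "$1" >/dev/null 2>&1
}

# Admin side: decrypt with the passphrase and insist on a valid signature
# from the server's signing key, so a tampered volume is rejected.
offline_restore() {   # $1 ciphertext, $2 plaintext out
    status=$(printf '%s' "$ENC_PASS" | gpg --homedir "$OFFLINE" --batch --yes \
        --pinentry-mode loopback --passphrase-fd 0 --status-fd 1 \
        --output "$2" --decrypt "$1" 2>/dev/null)
    case "$status" in
        *"[GNUPG:] VALIDSIG $SIGN_FPR "*) return 0 ;;
        *) echo "restore: bad or missing signature" >&2; return 1 ;;
    esac
}

demo() {
    WORK=$(mktemp -d); OFFLINE="$WORK/offline"; SERVER="$WORK/server"
    mkdir -m 700 "$OFFLINE" "$SERVER"
    gen_key "$OFFLINE" backup-encrypt encrypt "Passphrase: $ENC_PASS"
    gen_key "$SERVER"  backup-sign    sign    "%no-protection"
    ENC_FPR=$(fpr_of "$OFFLINE" backup-encrypt)
    SIGN_FPR=$(fpr_of "$SERVER" backup-sign)
    # Only public halves cross the boundary: the encryption secret key never
    # reaches the server; the signing public key goes back for verification.
    gpg --homedir "$OFFLINE" --export "$ENC_FPR" | gpg --homedir "$SERVER" --batch --quiet --import
    gpg --homedir "$SERVER" --export "$SIGN_FPR" | gpg --homedir "$OFFLINE" --batch --quiet --import

    printf 'constructed backup volume\n' > "$WORK/vol1.tar"     # sample data
    server_backup "$WORK/vol1.tar" "$WORK/vol1.tar.gpg"
    if server_can_decrypt "$WORK/vol1.tar.gpg"; then
        echo "server could read its own backup: encryption key leaked" >&2; return 1
    fi
    offline_restore "$WORK/vol1.tar.gpg" "$WORK/restored.tar"
    cmp -s "$WORK/vol1.tar" "$WORK/restored.tar"
    for d in "$OFFLINE" "$SERVER"; do gpgconf --homedir "$d" --kill gpg-agent 2>/dev/null || true; done
}

demo && echo "encrypt on server, decrypt and verify offline: OK"
```

The two checks that matter are the ones the thread is about: server_can_decrypt must fail, because nothing on the colocated box can read the backups, and offline_restore must refuse a volume that does not carry a VALIDSIG from the server's signing key. Mapping this onto duplicity is a matter of passing the same fingerprints as --encrypt-key and --sign-key and leaving PASSPHRASE empty on the server, since the only secret key there has no passphrase; whether duplicity needs ownertrust set on the imported public key depends on the version in use, so check that on your own installation rather than assuming it from this example. As Charles notes, signing with a key that sits on the same box only detects tampering by someone who did not also capture that key; it is still better than no signature at all, which is the point Neal settles on.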
