Re: [Duplicity-talk] PASSPHRASE, the environment, memory, etc.
From: Neal Clark
Subject: Re: [Duplicity-talk] PASSPHRASE, the environment, memory, etc.
Date: Fri, 13 Apr 2007 11:51:37 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Ah hah! What I think I've settled on is a passphrase-less keypair for
signing and a passphrase-d keypair for encrypting, where the private
encryption key is nowhere to be found on any of the colocated
systems. I guess this doesn't solve the "key tampering" problem but
it seems like it would provide some means of integrity checking over
"not signing at all."

Also, someone suggested use of ssh-agent at some point in this
discussion, a misunderstanding it seems since we were talking about
gpg keys. Well, I did some looking around just for fun, and I found
out about gpg-agent, which could be used in some fashion to get
around my particular concerns, but I think this method above will work.

Thanks a lot Charles and everyone else!
- -Neal
- --
public key: http://thrownproject.com/8C02CC33.asc
On Apr 13, 2007, at 2:58 AM, Charles Duffy wrote:
> Neal Clark wrote:
>> so I'm not sure how I could specify the --encrypt option to say
>> "use the public key and not the private key and don't ask me for a
>> password." Do I do something on the gpg end, changing the public
>> key's ID somehow or something to that effect (c/f above, only
>> experienced with encrypting e-mails :)
> GPG doesn't need the private key to encrypt; it needs the private
> key to *sign*. So what you lose when you get rid of the private key
> is the ability to detect whether your backup has been tampered with
> (but anyone who captures the private key could then tamper with it
> anyway).
> Tell GPG to encrypt without signing, and you should be able to take
> the private key out of your private keyring. (You'll need to keep
> it somewhere to be able to do restores, of course).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)
iD8DBQFGH9E6OUuHw4wCzDMRAgs2AJsGuoIl8mcXd2h3njS68sURKyHH9ACfQtu4
wJA3uVA2ylWjP4OCFflnBLM=
=X4sd
-----END PGP SIGNATURE-----
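
The public-key-only setup discussed in this message, as an added example that is not part of the original post or of duplicity: two throwaway GnuPG keyrings stand in for the offline machine and the colocated backup host, showing that the host can encrypt without a private key or passphrase and cannot decrypt the result. The user ID, passphrase, payload and function name are constructed for the demonstration, and GnuPG 2.1 or later is assumed.

```shell
#!/bin/sh
# Added example. Two throwaway keyrings stand in for two machines; the user ID,
# passphrase and payload are constructed. Needs GnuPG 2.1 or later.
UID_DEMO='backup-demo@example.invalid'
PASS_DEMO='constructed-demo-passphrase'

demo_public_only_encrypt() {
    work=$(mktemp -d) || return 1
    admin="$work/admin"     # offline machine: holds the private encryption key
    host="$work/host"       # colocated backup host: gets the public key only
    mkdir -m 700 "$admin" "$host" || return 1

    # Passphrase-protected keypair, created where restores will happen.
    gpg --homedir "$admin" --batch --quiet --pinentry-mode loopback \
        --passphrase "$PASS_DEMO" \
        --quick-generate-key "$UID_DEMO" default default never 2>/dev/null || return 1

    # Only the public half is copied to the backup host.
    gpg --homedir "$admin" --batch --export "$UID_DEMO" 2>/dev/null |
        gpg --homedir "$host" --batch --quiet --import 2>/dev/null || return 1

    # Encrypt without signing: no private key and no passphrase involved.
    printf 'constructed backup payload\n' > "$work/plain"
    gpg --homedir "$host" --batch --quiet --trust-model always \
        --recipient "$UID_DEMO" --output "$work/backup.gpg" \
        --encrypt "$work/plain" 2>/dev/null || return 1

    # The host keyring has no secret keys, so it cannot decrypt its own backups.
    secret=$(gpg --homedir "$host" --batch --with-colons --list-secret-keys \
        2>/dev/null | grep -c '^sec') || true
    if gpg --homedir "$host" --batch --quiet --decrypt "$work/backup.gpg" \
        >/dev/null 2>&1; then host_decrypt=ok; else host_decrypt=fail; fi

    # A restore needs the admin keyring and its passphrase.
    restored=$(gpg --homedir "$admin" --batch --quiet --pinentry-mode loopback \
        --passphrase "$PASS_DEMO" --decrypt "$work/backup.gpg" 2>/dev/null) || true

    # Stop the per-keyring agents and remove the scratch directory.
    GNUPGHOME="$admin" gpgconf --kill gpg-agent 2>/dev/null || true
    GNUPGHOME="$host" gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$work"
    echo "host_secret_keys=$secret host_decrypt=$host_decrypt restored=$restored"
}

demo_public_only_encrypt
```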