Unattended signing

Daniel Kahn Gillmor dkg at fifthhorseman.net
Sat Feb 21 20:11:55 CET 2015


On Wed 2015-02-18 13:46:19 -0500, Daniele Nicolodi wrote:
> I have a sufficient trust in the security of the server where the
> automated process runs, but I would like to reduce to a minimum the risks.

there are risks with unattended signing in general, related to what
messages you allow to get passed to your system.  I'm sure you've
already thought about this, but i'll just put it out there in case
someone else reading this later hasn't thought about it enough.

> What is the best practices in such cases?  I can imagine several
> possible options: using a subkey of my key (is it possible to remove
> passphrase protection from a subkey?), using a dedicated key, using a
> subkey of a dedicated key and periodically rotate such subkey.

Using a dedicated key for your system would clearly be better than using
your own personal key, but i don't know if it meets your other
requirements (we don't know your requirements for the system).

Using a subkey is a reasonable approach, and rotating (and destroying)
the secret key of the rotated subkey is not a bad idea.

Take a look at --export-secret-subkeys and the --export-options
"export-reset-subkey-passwd" in the gpg manual for your next steps.

Please report back here if you have any problems.

hth,

        --dkg



More information about the Gnupg-users mailing list