Re: Rawhide signatures

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Jun 23, 2004 at 09:50:42AM +0100, Rui Miguel Seabra wrote:
> On Tue, 2004-06-22 at 23:40 +0100, Luciano Miguel Ferreira Rocha wrote:
> > gpg --passphrase-fd=0 ... <<EOF
> > my passphrase
> > EOF
> > ?
> > 
> > Or why not just remove the passphrase all together? Sure, the private key
> > would end up unprotected, but having the passphrase on a script doesn't
> > give that much protection either.
> 
> Because that would unprotect the key.
Key with passphrase stored in a script isn't that much protected, either.

> However, restricting access both to the script or to the file containing
> the password is important AND POSSIBLE TO DO (at least partially) with
> SELinux.

If access to the file containing the password is possible to restrict,
then access to the key is also possible to restrict, in the same, and as
secure, way.

Regards,
Luciano Rocha

-- 
Consciousness: that annoying time between naps.



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux