Hello Ken,

basically what you are trying to achieve is difficult. I can only comment on "* To encrypt the file by a public key", since frankly I think the second option does not exist unless you are talking about symmetrical crypto.
Two points:

A) You could try to automatically ssh into the remote machine to trigger decryption and passphrase entry.

B) You can secure the private key on the remote machine by using a Secure Element. OpenPGP Card, YubiKey... Since the key resides only on the Secure Element and cannot be exported, it is safe from virtual theft - obviously someone can still steal the key and machine if he has physical access. However, an attacker can still use the passphrase to use the Secure Element on this machine if he gets hold of the passphrase.

regards
Dirk

On 05.04.2018 10:50, 周詮儒 wrote:
> Hi,
>
> The situation is that there is a machine on remote. And I want to send
> an encrypted file to that remote machine and let the machine decrypt
> the file automatically. So I'm facing the problem that:
>
> * To encrypt the file by a public key:
>
>   Which means I have to put a secret key on the remote machine. But
>   it is not an ideal solution. Since a secret key needs a passphrase to
>   use. Furthermore, a secret key on a remote machine isn't under enough
>   protection. That may have some security issue.
>
> * To encrypt the file by a secret key:
>
>   This can meet my needs. But it seems that GnuPG doesn't support
>   the feature for encryption by secret key.
>
> Any suggestion on this situation?
>
> regards,
> Ken
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
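An added example, not part of the original mail: a check the remote machine can run to confirm point B, that its decryption key really lives on a token and not on disk. It reads `gpg --list-secret-keys --with-colons` output, where field 12 holds key capabilities and field 15 holds the token serial number (`+` for an on-disk secret key, `#` for a stub); the function names and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example. Real use:
#   gpg --list-secret-keys --with-colons | enc_keys_only_on_token

# Constructed listing: encryption subkey held on a token (serial is made up).
CARD_LISTING='sec:u:4096:1:AAAAAAAAAAAAAAAA:1522900000:::u:::scESC:::D2760001240102010006000000010000:
ssb:u:4096:1:BBBBBBBBBBBBBBBB:1522900000::::::e:::D2760001240102010006000000010000:'

# Constructed listing: same layout, but the secret key material is on disk.
DISK_LISTING='sec:u:4096:1:CCCCCCCCCCCCCCCC:1522900000:::u:::scESC:::+:
ssb:u:4096:1:DDDDDDDDDDDDDDDD:1522900000::::::e:::+:'

# Print "<keyid> <location>" for each secret (sub)key that can itself decrypt
# (lowercase "e" in field 12). location is token:<serial>, stub or disk.
enc_key_locations() {
    awk -F: '
        ($1 == "sec" || $1 == "ssb") && index($12, "e") {
            loc = "disk"
            if ($15 == "#") loc = "stub"
            else if ($15 != "" && $15 != "+") loc = "token:" $15
            print $5, loc
        }'
}

# Exit 0 only if at least one decryption key is on a token and none is on disk.
enc_keys_only_on_token() {
    locs=$(enc_key_locations) || return 2
    [ -n "$locs" ] || return 1
    printf '%s\n' "$locs" | awk '
        $2 == "disk"    { bad = 1 }
        $2 ~ /^token:/  { tok = 1 }
        END             { exit (bad || !tok) }'
}

# Demonstration on the constructed samples.
printf '%s\n' "$CARD_LISTING" | enc_key_locations
printf '%s\n' "$DISK_LISTING" | enc_key_locations
```

As the mail notes, a passing check only rules out copying the key file; whoever holds the passphrase and can reach the machine can still use the token.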