On 30.12.2011 20:38, Rémy Oudompheng wrote:
> I just wrote a small proof of concept for remote PGP signing.
> It is written in Go (using the weekly snapshot, not the
> r60 release), and is hosted at:
> https://github.com/remyoudompheng/remotepgp
>
> Usage is quite simple:
> - compile everything
> - run the server on the appropriate machine, for example
>   ./server -addr localhost:10022
>   (by default it binds on localhost)
> - choose a remote file name
> - run the client:
>   ./client -server http://localhost:10022/hash /home/remy/packages/blah
>
> It does the following:
> - looks for the secret keyring in $HOME/.gnupg/secring.gpg
> - chooses the first secret key and asks for the passphrase if needed
> - sends a little chunk of bytes to the server
> - the server hashes the concatenation of the file and the little chunk
>   and returns the hash
> - the client finishes the signature process and writes blah.sig in the
>   current directory.

I didn't try this yet, but here is an important comment: When using IP networking for the connection, everyone on the server could access the service. Instead, you could run a service over ssh (like sftp-server), and open a UNIX socket with that service. Then, you can control who has access (only the user that runs the service). Apart from that, I like it :)