On Wed, Feb 19, 2003 at 10:39:01AM +1300, Tom Eastman wrote:
>
> That being the case, I'd still like to use symmetrical encryption. But now I
> have to find a way to automate the entry of the passphrase in a backup script.
> Does GPG allow such monstrous security hazard as that? :-)
Well, /bin/sh certainly does, as does its friend /usr/bin/expect. ;)
>From your original post though, there's something that's not quite clear
to me: isn't the idea to have a batch of files leave one machine and end
up on another? I wasn't sure whether you really do need the final
storage form to be encrypted, or if you just want to protect the files
while in transit.
If the latter, there are lots and lots of ways that don't involve gpg at
all. The old find | cpio | bzip2 | ssh | bzip2 | cpio chain is my
personal favorite, but if you're not up to that there's always scp -r or
sftp. If you're stuck using sneakernet, well that's different.
If what you want is to store a bunch of stuff, for however long, in a
small number of encrypted cpio (or tar or whatever) archives, are there
really going to be so many of them that it justifies a script with a
password in it? And, if you're worried enough about privacy to want to
store your files in an encrypted form, why would you also simultaneously
want to store the key to unlock them in a script on the same system? If
you store the password+script elsewhere, you're back to the same problem
you had with keeping a key on a floppy, only now it's a script instead of
a key.
Or maybe I'm misunderstanding something.
--
# Michael Jinks, IB # JFI/MRSEC/EFI Computing # University of Chicago #
Reader! Think not that
technical information
ought not be called speech; -- Anonymous, "How to decrypt a DVD"
--
[EMAIL PROTECTED] mailing list
