On 2/21/2015 11:42 AM, Daniele Nicolodi wrote:
> On 18/02/15 19:46, Daniele Nicolodi wrote:
>> I have an automated process that collects some data and unattended sends
>> it via email. I want that data to be encrypted and signed. The
>> encryption part is easy as it requires only public keys of the
>> recipients. Signing, however, requires making the private key used
>> available to the process.
>>
>> I have a sufficient trust in the security of the server where the
>> automated process runs, but I would like to reduce to a minimum the risks.
>>
>> What are the best practices in such cases? I can imagine several
>> possible options: using a subkey of my key (is it possible to remove
>> passphrase protection from a subkey?), using a dedicated key, using a
>> subkey of a dedicated key and periodically rotating such subkey.
>
> Hello,
>
> I haven't received any comment on this. Is it because the question is
> too dummy, I'm being too naive, or the context is not explained with
> sufficient detail?
>
> Thanks for your attention :)
>
> Cheers,
> Daniele
>

I'm no expert on the subject, but it seems the simplest and safest
solution would be to use a subkey of a dedicated key and rotate it
periodically if you're concerned about the key being compromised,
especially since the key will not be password protected. I could be
horribly wrong, but that's my two cents on it.

-- 
Antony Prince
Key ID: 0x4F040744
Fingerprint: FE96 5B7F A708 18D3 B74B 959F A6E1 6242 4F04 0744
URL: https://hkps.pool.sks-keyservers.net/pks/lookup?op=get&search=0xA6E162424F040744

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
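A check that could run on the sending server for the layout suggested in the reply above (an added example, not part of the original thread or of GnuPG): it parses `gpg --list-secret-keys --with-colons` output and reports when the dedicated key's primary secret is on the host or a signing subkey lacks a short expiry. Keeping the primary secret off the server, the 90-day window, the function name `audit` and the sample listing are assumptions made for the example.

```python
from datetime import datetime, timedelta, timezone

# Constructed `gpg --list-secret-keys --with-colons` output (GnuPG 2.1+ layout);
# key IDs and dates are made up. Field 15 is '#' when only a stub of the secret
# key is on this machine and '+' when the secret key itself is present.
SAMPLE = """\
sec:u:4096:1:AAAAAAAAAAAAAAAA:1424476800:::u:::scSC:::#:::23::0:
ssb:u:2048:1:BBBBBBBBBBBBBBBB:1424476800:1432252800:::::s:::+:::23:
ssb:u:2048:1:CCCCCCCCCCCCCCCC:1424476800::::::s:::+:::23:
"""

def _utc(epoch):
    """Convert an epoch-seconds field to an aware UTC datetime."""
    return datetime.fromtimestamp(int(epoch), tz=timezone.utc)

def audit(listing, now, max_days=90):
    """Return policy findings for a keyring listing; an empty list means it passes."""
    findings, usable = [], 0
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] not in ("sec", "ssb") or len(f) < 15:
            continue
        keyid, created, expires, caps, secret = f[4], f[5], f[6], f[11], f[14]
        if f[0] == "sec":
            # Assumed policy: the dedicated key's primary secret stays off the server.
            if secret != "#":
                findings.append(f"{keyid}: primary secret key is present on this host")
        elif "s" in caps and secret != "#":
            # A signing subkey whose secret part is usable on this host.
            if not expires:
                findings.append(f"{keyid}: signing subkey never expires")
            elif _utc(expires) <= now:
                findings.append(f"{keyid}: signing subkey expired {_utc(expires):%Y-%m-%d}")
            elif _utc(expires) - _utc(created) > timedelta(days=max_days):
                findings.append(f"{keyid}: signing subkey lifetime exceeds {max_days} days")
            else:
                usable += 1
    if not usable:
        findings.append("no signing subkey within policy is available")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, datetime(2015, 3, 1, tzinfo=timezone.utc)):
        print(finding)
```

The colon listing does not show whether a secret key is passphrase protected, so that property has to be checked separately.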