ant-dev mailing list archives

From "Thomas Christen" <...@active.ch>
Subject AW: Anybody with GnuPG or PGP on Windows?
Date Mon, 08 Apr 2002 17:52:55 GMT


> So I could write a GnuPG task for Unix today and probably never for
> Windows, bad luck.

When I wrote my GnuPG task (which wraps GnuPG into ant) I faced the same
problem: since we are using ant as our automation facility in
production, we needed PGP-compatible de-/encryption. Obviously there is no
secure way to do that - even the mentioned hack with the tty ...

Extract from the GnuPG FAQ:

4.14) How can I use GnuPG in an automated environment?

You should use the option --batch and don't use pass phrases as there is
usually no way to store it more securely than the secret keyring itself. The
suggested way to create the keys for the automated environment is:

On a secure machine:

 1. If you want to do automatic signing, create a signing subkey for your
    key (edit menu, choose "addkey" and the DSA).
 2. Make sure that you use a passphrase (Needed by the current
    implementation)
 3. gpg --export-secret-subkeys --no-comment foo >secring.auto
 4. Copy secring.auto and the public keyring to a test directory.
 5. Cd to this directory.
 6. gpg --homedir . --edit foo and use "passwd" to remove the pass-phrase
    from the subkeys. You may also want to remove all unused subkeys.
 7. copy secring.auto to a floppy and carry it to the target box

On the target machine:

 1. Install secring.auto as secret keyring.
 2. Now you can start your new service. It is a good idea to install some
    intrusion detection system so that you hopefully get a notice of a
    successful intrusion, so that you in turn can revoke all the subkeys
    installed on that machine and install new subkeys.

Regards
Thomas Christen
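
A check for the target machine in the FAQ procedure quoted above, as an added example that is not part of the original message or of the GnuPG FAQ: it parses `gpg --list-secret-keys --with-colons` output and flags a keyring that holds more than the exported signing subkeys. It assumes the GnuPG 2.1+ colon format (field 12 = capabilities, field 15 = `#` for a secret-key stub); the function name, key IDs and sample listings are constructed.

```python
# Added example: audits `gpg --list-secret-keys --with-colons` output.
# Assumed format (GnuPG 2.1+): field 12 = capabilities, field 15 = "#" when
# the secret part is only a stub. Key IDs and listings below are constructed.
CAPS, TOKEN = 11, 14  # 0-based indexes of colon fields 12 and 15

GOOD = """\
sec:u:3072:1:AAAAAAAAAAAAAAAA:1700000000:::u:::scESC:::#:
ssb:u:3072:1:BBBBBBBBBBBBBBBB:1700000100::::::s:::+:
"""
BAD = """\
sec:u:3072:1:AAAAAAAAAAAAAAAA:1700000000:::u:::scESC:::+:
ssb:u:3072:1:BBBBBBBBBBBBBBBB:1700000100::::::s:::+:
ssb:u:3072:1:CCCCCCCCCCCCCCCC:1700000200::::::e:::+:
"""

def audit_secret_listing(listing, allowed_caps="s"):
    """Return findings for an automation host that should hold only
    signing subkeys (no primary secret key, no unused subkeys)."""
    findings, usable = [], 0
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] not in ("sec", "ssb") or len(f) <= TOKEN:
            continue
        keyid, present = f[4], f[TOKEN] != "#"  # anything but a stub counts
        if f[0] == "sec":
            if present:
                findings.append(f"{keyid}: primary secret key is on this host")
            continue
        if not present:
            continue
        # Lowercase letters are the capabilities of this key itself.
        own_caps = {c for c in f[CAPS] if c.islower()}
        if own_caps and own_caps <= set(allowed_caps):
            usable += 1
        else:
            findings.append(f"{keyid}: unused subkey with capabilities "
                            f"'{f[CAPS]}' has secret material here")
    if usable == 0:
        findings.append("no usable signing subkey found")
    return findings

if __name__ == "__main__":
    for name, listing in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_secret_listing(listing) or "ok")
```

The listing does not show whether a subkey is passphrase-protected, so this check covers only which secret keys are present on the host.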

