duplicity-talk


Re: [Duplicity-talk] encryption keys, signing keys, PASSPHRASE, and gpg-


From: Joey Morin
Subject: Re: [Duplicity-talk] encryption keys, signing keys, PASSPHRASE, and gpg-agent
Date: Sat, 10 Sep 2011 10:20:25 -0400


On Sat, Sep 10, 2011 at 8:30 AM, <address@hidden> wrote:

> On 10.09.2011 05:53, Joey Morin wrote:
> > i'm also unclear as to how this can fully mitigate the risks associated with 1) through 3) while maintaining fully unattended operation.
>
> sorry what do you mean? 4. as the only alternative does it perfectly because 5. currently is not reliable.

apologies.  specifically, i wondered if gpg-agent could be configured to operate in a fully unattended fashion even after a reboot.  and if so, how is that any more secure than using no passphrases at all?

if gpg-agent enables the use of a key without requiring its passphrase, then would not a root-compromised machine be as much of a security issue as if that machine had used plaintext storage of those passphrases, or no passphrases at all?  once compromised, an attacker could employ gpg-agent on the source machine to expose the encrypted backups.

mind you, i suppose the threat stops there.  without the actual passphrases, the keys could not be used on anything but the gpg-agent enabled source machine, so an off-source-machine breach of the backups would require a leak of both keys and passphrases.

in any case, even if gpg-agent can enable fully opaque and unattended operation, if it requires the use of a patched version, i'm inclined to simply use non-passphrase-protected keys and hope for the best.

thank you for your response.

cheers,
jj
