Thursday, May 19, 2005

Digitally signing messages with GnuPG from a PHP script

A feature reqest which is high on my to-do list for AIRT is the ability to digitally sign outgoing email messages using GnuPG.

Unfortunately, this is a dilemma. To unlock a private key (which is needed to digitally sign a message), a passphrase is generally required. That passphrase must be passed to GnuPG each time a message is to be signed. To be able to sign messages from a program, there are basically four options.

  • Use a private key without a passphrase;
  • Prompt the user for a passphrase each time a message is sent;
  • Cache a passphrase for the duration of a session;
  • Cache the passphrase in a database.

Obviously, using a private key that does not have a passphrase seems like an extremely bad idea. However section 4.14) How can I use GnuPG in an automated environment? of the GnuPG Frequently Asked Questions states:

You should use the option --batch and don't use passphrases as there is usually no way to store it more securely than on the secret keyring itself.

I guess the best way to go ahead is to create a trusted key and a signing key. Remove the passphrase from the signing key, and sign it with the trusted key. This way, the validity of the signing key can be given a little bit more credibility.

No comments:

Post a Comment

Please share your view and opinions on what I wrote. In order to maintain quality, all comments will be moderated for merit. Contributions that call me out on statements that appear unfounded, wrong, or simply with which you disagree are highly appreciated and are even encouraged. Spam and 'me too' answers will be ignored.