A feature request which is high on my to-do list for AIRT is the ability to digitally sign outgoing email messages using GnuPG.

Unfortunately, this is a dilemma. To unlock a private key (which is needed to digitally sign a message), a passphrase is generally required, and that passphrase must be passed to GnuPG each time a message is to be signed. To be able to sign messages from a program, there are basically four options.

  • Use a private key without a passphrase;
  • Prompt the user for a passphrase each time a message is sent;
  • Cache a passphrase for the duration of a session;
  • Cache the passphrase in a database.

Obviously, using a private key that does not have a passphrase seems like an extremely bad idea. However, section 4.14 ("How can I use GnuPG in an automated environment?") of the GnuPG Frequently Asked Questions states:

You should use the option --batch and don't use passphrases as there is usually no way to store it more securely than on the secret keyring itself.

I guess the best way to go ahead is to create a trusted key and a signing key. Remove the passphrase from the signing key, and sign the signing key with the trusted key. This way, the validity of the signing key no longer rests on the passphrase-less key alone but on the certification by the passphrase-protected trusted key, which gives it a little bit more credibility.