Hello John > Have you considered copying the encrypted file with scp, the opening a > ssh sheel to decrypt & run?
Yes. As noted in my email this surely is one possibility. But this means I have to copy the encrypted file to my home-server, decrypt it there and then copy it back unencrypted to the work-server. After using the data in the unencrypted file I must not forget to delete the file afterwards. And you can't implement this simple in a script. With the piping this would simplify the whole process a lot. Maybe If I tell, what I want to do, this might simplify the answer. :) I have a small script, which creates all of my rc-files I normally use. As some of the rc-Files (like e.g. .muttrc) differ from server to server, I created template files which are filled by that mentioned script with the correct information to run as they should. Using darcs as revision control system I am able to always pull and push the newest versions of the configuration-files to/from all of the servers I am working at. Running update-configuration.sh at the server I get the newest and best configurations I am using right now (this is really great with vimrc, as I have some configurations in there which help my workflow a lot). Now comes the problematic part, which bites me a little bit. As I have all of the configurationfiles always on all servers (I have all of the different config-data in the repository too), if I have to add a password to a rc-file (like muttrc) all of my passwords for all servers are in this repository. Not a good idea and I am somehow nerveous about this. The great idea now was to put all of the sensitive data into an encrypted file, decryptable only with my private key. But now comes the misery. How to decrypt that file during update-configuration.sh without copying my private key to all of the servers I am using this script. I just remembered that symmetric encryption could solve the problem. But then I would have to have gpg installed on all servers (which might not be that big a problem). So. Is this piping at all doable, or should I use symmetric encryption with a good passphrase? -- cu --== Jerri ==-- Homepage: http://www.jerri.de/ ICQ: 54160208 Public PGP Key: http://www.jerri.de/jerris_public_key.asc
signature.asc
Description: Digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
