Hello, What is the risk ?
Are you worried that somebody uses the server to sign inappropriate documents ? If you cannot trust the guy that administers the server, then I guess that there is not much you can do to prevent him from signing inappropriate documents. You may choose to dispatch the responsibilities, so nobody has full administrator authorization. However, if you think that the administrators may collaborate with each other, then there is nothing you can do. Are you worried that somebody steals the server private key ? If you are only concerned by the theft of the secret key, then you can externalize the signature process to a Secure Signature Creation Device ( https://www.cryptomathic.com/products/authentication-signing/digital-signatures-faqs/what-is-a-secure-signature-creation-device ). Regards, Denis Le mar. 28 juil. 2020 à 12:19, Ayoub Misherghi via Gnupg-users < gnupg-users@gnupg.org> a écrit : > I am going to have a server machine doing encryption. How do you protect > against server operator or admin tampering. This is a scenario where internal > threat or hostility is high; you cannot trust your own guys. (Real situation; > not paranoid.) > > Thanks, > > Ayoub > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
