J. Michael Diehl <mdiehl@triton.unm.edu> writes:
I would like to use pgp on the mainframes, but don't want to store my secret key on their disks. Would it be possible to have pgp accept it's secret key via stdin. I could do an ascii upload of my secret key and never expose my key to disk-storage.
This is even more dangerous than storing it on the disks of a multi-user machine. Unless you are running in a kerberos environment it is trivial to snoop your upload off the network, and even without that weakness you are exposing yourself to the same problem that the docs mention (it is really pretty easy to scan someone's terminal input) only you are giving them the key outright instead of only giving them the passphrase to your key.
Point taken.
Bad idea.
Sure is. Thanx. -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.2 mQBNAiu21SIAAAECAMKkKKP4JIxSPR7rOUZ7mbi6yDPfFa7T6zOtOBX8iI939tIU 9JFTxdyvTejK3qmYDGozNaqySQ/0++nGqZgikcsABRG0LUouIE1pY2hhZWwgRGll aGwsIG1lLCA8bWRpZWhsQHRyaXRvbi51bW4uZWR1Pg== =YquS -----END PGP PUBLIC KEY BLOCK-----