On 30.12.2011 20:38, Rémy Oudompheng wrote:
> I just wrote a small proof of concept for remote PGP signing. It is written in Go (using the weekly snapshot, not the r60 release), and is hosted at: https://github.com/remyoudompheng/remotepgp
>
> Usage is quite simple:
> - compile everything
> - run the server on the appropriate machine, for example ./server -addr localhost:10022 (by default it binds on localhost)
> - choose a remote file name
> - run the client: ./client -server http://localhost:10022/hash /home/remy/packages/blah
>
> It does the following:
> - looks for the secret keyring in $HOME/.gnupg/secring.gpg
> - chooses the first secret key and asks for the passphrase if needed
> - sends a little chunk of bytes to the server
> - the server hashes the concatenation of the file and the little chunk and returns the hash
> - the client finishes the signature process and writes blah.sig in the current directory.
I didn't try this yet, but here is an important comment: When using IP networking for the connection, everyone on the server could access the service. Instead, you could run a service over ssh (like sftp-server), and open a UNIX socket with that service. Then, you can control who has access (only the user that runs the service). Apart from that, I like it :)