Didier Casse wrote:
> Now on my system I need to build rpm automatically (without human intervention)! Is it possible to have my passphrase read from a file rather than me sitting in front of the computer and actually typing it?
I would suggest that you create a special key for automated signing and store it without a passphrase but closely guarded by file access permissions. This is the usual thing to do when programs need to use crypto keys without manual interaction. There's no point in encrypting a key with a passphrase and then storing the passphrase on the disk. That's no more secure than keeping the key unencrypted.
I'm not familiar with rpmbuild, but you can hope that it doesn't ask for a passphrase if none is needed.
If you like you can keep the autosigning key on an encrypted disk and type the password for the disk when it is mounted at boot. That way the key will be safe when the computer is off, even if someone steals your disk.
Sign the autosigning key with your personal key.
Björn Persson
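
A pre-signing check for the "closely guarded by file access permissions" setup described in the reply above. This is an added example, not part of the original message; the function name `check_private` and the key directory path in the usage comment are assumptions for illustration.

```shell
#!/bin/sh
# Added example: refuse to use an unattended (passphrase-less) signing key
# unless the directory holding it is private to the build user.
# check_private is a hypothetical helper, not part of rpm or GnuPG.

# check_private DIR
# Returns 0 if DIR is a real directory and every entry under it is owned by
# the current user with no group/other permission bits set; 1 otherwise.
check_private() {
    dir=$1
    if [ ! -d "$dir" ] || [ -L "$dir" ]; then
        echo "refusing: $dir is not a real directory" >&2
        return 1
    fi
    me=$(id -u)
    # List anything owned by someone else, or readable/writable/executable
    # by group or others. Symlinks are skipped for the mode test because
    # their own mode bits carry no meaning.
    bad=$(find "$dir" \( ! -user "$me" -o \( ! -type l \( \
            -perm -040 -o -perm -020 -o -perm -010 -o \
            -perm -004 -o -perm -002 -o -perm -001 \) \) \) -print)
    if [ -n "$bad" ]; then
        echo "refusing: not private to uid $me:" >&2
        echo "$bad" >&2
        return 1
    fi
    return 0
}

# Usage in a build job (path is an assumed example):
#   check_private /srv/autosign/gnupg || exit 1
#   ...then run the signing step with that directory as the key store.
```

Running the check immediately before each signing step makes the job fail when someone loosens the permissions, rather than signing with a key that other accounts can read.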