Re: PGP scripting...

> > > I think that client is probably worried about regular users
In my scenario, the files are not in a shared location, per se. They are being sent by an outside source to a sftp server, and then downloaded to an internal machine where the processing will be done. The production machine won't be multi-user per se (we'll be the only ones on it). We're also more interested in 'external cracker' than 'internal sabotage'. This was a decision made by the client as well.

I have made it clear to my client time and time again that the security of that box will make a bigger difference in the long run than PGP encrypting the files on it ever will (they implemented this PGP everything policy before any other security policies).

What I'm trying to do is determine for the future the best way to keep files encrypted while still being able to access them through batch jobs (no human interaction), and process their data (un-encrypt them only while using them, but not storing a temporary un-encrypted form of the file).

It sounds like having a separate 'secure' box to handle the encryption seems like a good way to go. This at least centralizes ones private key(s), and thus administration.

-- 
// Andrew MacKenzie  |  
http://www.edespot.com
// An intellectual snob is someone who can listen to the William Tell
// Overture and not think of The Lone Ranger.