GPG Passphrase Caching

Robert J. Hansen rjh at sixdemonbag.org
Wed Nov 21 00:27:51 CET 2007


Matthew Loring wrote:
> I am using the binary version of GPG for Windows, version 1.47.  
> Everything works fine, but I have a need to automatically decrypt  
> files through a script. The hangup that I have right now is that GPG  
> wants me to enter in my passphrase when decrypting files. Is there a  
> way to cache the passphrase or save it in a file so that it does not  
> prompt me to enter my passphrase for my secret key?

Yes, although this usage is not recommended.

--passphrase <string>

--passphrase-file <filename>


Please note that the former will make the passphrase available to anyone
with enough privileges to read the process table, and the latter will
leave your passphrase around in a file on the system which you're then
responsible for securing somehow.

You may want to simply remove the passphrase from the key, which may be
a superior solution.  At least then there's no false sense of security
which might otherwise accompany either of --passphrase or --passphrase-file.




More information about the Gnupg-users mailing list