Few questions
Werner Koch
wk at isil.d.shuttle.de
Thu Jul 23 19:43:11 CEST 1998
lannert at uni-duesseldorf.de writes:
> > echo "Secret and geheime Passphrase" | pgp --passphrase-fd 0 ...
>
> This exposes the passphrase as well (as long as the echo process is
Ah yes, sure. I wrote this to demonstrate that feature. Most shells
have "echo" build in so it is not a different process and the
commandline history is another source of unsecurity ;-). Mutt does it
correct by writing the password to a pipe - A better solution is a
kind of password agent like the ssh-agent which can provide the
passphrase in a shared locked memory page. I'll do this kind of stuff
to integrate gnupg with GnomePGP.
Werner
More information about the Gnupg-devel
mailing list