Problem with Gnu-PG

Matthias Urlichs smurf at noris.de
Mon Feb 19 11:01:03 CET 2001


Hi,

> So I created secret.pss file, put my passphrase into it, and started
> to determine proper syntax for it.

If you do that, it is just as secure as removing the passphrase from
the secret key entirely. No understanding of messy Unix semantics
required.

> This what You called "documentation" is a piece of junk for fools.

Replace "fools" with "people who know what they are doing".

It is not the purpose of GPG's manual to teach Unix For Rookie Programmers.

By storing the passphrase in a file, you demonstrate that you're not
really knowledgeable enough to do this safely.


For a pseudo-safe way to do this, I would use a shell script somewhat
like this one:

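#!/bin/sh
# Put terminal echo back if the prompt is interrupted.
trap 'stty echo; exit 1' INT TERM
# printf instead of non-portable "echo -n"; read -r keeps backslashes intact.
printf 'Passphrase: '; stty -echo; IFS= read -r pp; stty echo; echo ""

for i in "$@" ; do  ## each recipient
	echo "$i ..."
	# Passphrase goes to gpg on stdin (fd 0); printf does not mangle it.
	printf '%s\n' "$pp" | gpg --passphrase-fd 0 --batch --whatever-other-arguments-"$i"
done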

.. except that this is insecure, as the passphrase might end up in the
swap file.

-- 
Matthias Urlichs     |     noris network AG     |     http://smurf.noris.de/
-- 
Do not try to tell me that things can't get any worse or that the only
direction we can go is up.  They can and it isn't.
                                -- Nathan Cobb
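
The swap caveat in the message above, as an added example that is not part of the original post: a small C helper that reads the passphrase with echo off straight into an mlock()ed page, writes it to stdout so it can be piped to `gpg --passphrase-fd 0`, and wipes the page afterwards. The helper names and PP_MAX are hypothetical, a POSIX system with mlock() is assumed, and the pinning covers only this process's own copy of the passphrase.

```c
/* Added example, not code from the original post. All names are hypothetical.
 * mlock() pins the page in RAM; it does not cover suspend-to-disk images. */
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <string.h>
#include <termios.h>
#include <unistd.h>
#include <sys/mman.h>
#define PP_MAX 4096

/* Map an anonymous region and lock it; NULL if locking fails (fail closed). */
static char *locked_alloc(size_t n) {
    char *p = mmap(NULL, n, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return NULL;
    if (mlock(p, n) != 0) { munmap(p, n); return NULL; }
    return p;
}

/* Overwrite through a volatile pointer so the compiler cannot drop the wipe. */
static void wipe(void *buf, size_t n) {
    volatile unsigned char *v = buf;
    while (n--) *v++ = 0;
}
static void locked_free(char *p, size_t n) { wipe(p, n); munlock(p, n); munmap(p, n); }

/* Write the passphrase plus newline with raw write(): no stdio buffer copy. */
static int feed_fd(int fd, const char *pp, size_t len) {
    while (len > 0) {
        ssize_t w = write(fd, pp, len);
        if (w <= 0) return -1;
        pp += w; len -= (size_t)w;
    }
    return write(fd, "\n", 1) == 1 ? 0 : -1;
}

int main(void) {
    struct termios old, off;
    char *pp = locked_alloc(PP_MAX);
    if (!pp) return 1;
    if (tcgetattr(STDIN_FILENO, &old) != 0) { locked_free(pp, PP_MAX); return 1; }
    off = old; off.c_lflag &= ~(tcflag_t)ECHO;
    fputs("Passphrase: ", stderr);               /* prompt on stderr, stdout is the pipe */
    tcsetattr(STDIN_FILENO, TCSAFLUSH, &off);
    ssize_t n = read(STDIN_FILENO, pp, PP_MAX);  /* unbuffered, into the locked page */
    tcsetattr(STDIN_FILENO, TCSAFLUSH, &old); fputs("\n", stderr);
    while (n > 0 && (pp[n - 1] == '\n' || pp[n - 1] == '\r')) n--;
    int rc = n > 0 ? feed_fd(STDOUT_FILENO, pp, (size_t)n) : -1;
    locked_free(pp, PP_MAX);
    return rc == 0 ? 0 : 1;
}
```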


