GnuPG Security Disaster?

Timo Schulz ts at winpt.org
Thu Jan 3 10:46:02 CET 2002


On Thu Jan 03 2002; 22:00, Bernard wrote:

Hi,

> How many threads do I need in case of
> "gpg.exe  --homedir[homedir] --always-trust --no-secmem-warning
> --batch --no-tty -r [recipient] -a -e" ?

AFAIK, you need one for the outbound data and one for the inbound.


> How shall I provide 2 separate logical pieces of data, 1 passphrase
> and 2 input data on stdin? I only have 1 stdin in the API - I cannot
> generate additional file descriptors AFAIK. That is where I came from

IMO, you can send the data with the passphrase at the beginning like this:
"stupid_passphrase\n"
"raw/text data"

I used this style in early code of WinPT and it seems to work. It's
only important that you add a '\n' to the end because gpg expects
one line for the passphrase.


There is another way you can choose for sending the passphrase down
to gpg. With the --command-fd switch you can control all gpg input.
In the case gpg needs a passphrase the --status-fd output is:
[GNUPG:] GET_HIDDEN passphrase.enter
and then you can send the data with the pipe. I know this way is
more complicated because you need two additional pipes (status,
command) but it's the tidiest way.


    Timo
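
Added example, not part of the original message and not WinPT or GnuPG code: a minimal responder for the --status-fd / --command-fd handshake described above, which keeps the passphrase off the data stream on stdin. The names parse_status, answer_prompts and UnexpectedPrompt are hypothetical, the status lines in demo() are constructed, and gpg itself is not started here.

```python
import io

PREFIX = "[GNUPG:] "

class UnexpectedPrompt(Exception):
    """gpg asked for input the caller did not plan to supply."""

def parse_status(line):
    """Split one --status-fd line into (keyword, args); None if not a status line."""
    line = line.rstrip("\r\n")
    if not line.startswith(PREFIX):
        return None
    parts = line[len(PREFIX):].split(" ")
    return parts[0], parts[1:]

def answer_prompts(status, command, answers):
    """Read status lines until EOF and answer GET_HIDDEN prompts on `command`.

    status  -- text stream connected to the pipe given to --status-fd
    command -- text stream connected to the pipe given to --command-fd
    answers -- dict mapping prompt name (e.g. "passphrase.enter") to the reply
    Returns the (keyword, args) events seen; replies are never included.
    """
    events = []
    for raw in status:
        parsed = parse_status(raw)
        if parsed is None:
            continue  # not a status line, ignore it
        keyword, args = parsed
        events.append(parsed)
        if keyword == "GET_HIDDEN":
            prompt = args[0] if args else ""
            if prompt not in answers:
                # Fail closed: never send a secret to a prompt we did not expect.
                raise UnexpectedPrompt(prompt)
            command.write(answers[prompt] + "\n")  # exactly one line per reply
            command.flush()
    return events

def demo():
    # Constructed status output; a real caller reads this from the status pipe.
    status = io.StringIO("[GNUPG:] GET_HIDDEN passphrase.enter\n[GNUPG:] GOT_IT\n")
    command = io.StringIO()
    events = answer_prompts(status, command, {"passphrase.enter": "example-passphrase"})
    return events, command.getvalue()
```

In a real caller the two streams wrap the extra pipes handed to gpg, while stdin and stdout stay free for the plaintext and the output.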




More information about the Gnupg-devel mailing list