GnuPG Security Disaster?
ts at winpt.org
Thu Jan 3 10:46:02 CET 2002
On Thu Jan 03 2002; 22:00, Bernard wrote:
> How many threads do I need in case of
> "gpg.exe --homedir[homedir] --always-trust --no-secmem-warning
> --batch --no-tty -r [recipient] -a -e" ?
AFAIK , you need one for the outbound data and one for the inbound.
> How shall I provide 2 separate logical pieces of data, 1 passphrase
> and 2 input data on stdin? I only have 1 stdin in the API - I cannot
> generate additional file descriptors AFAIK. That is where I came from
IMO, you can send the data with the passphrase at the begin like this:
I used this style in early code of WinPT and it seems to work. It's
only important that you add a '\n' to the end because gpg expected
one line for the passphrase.
There is another way you can choose for sending the passphrase down
to gpg. With the --command-fd switch you can control all gpg input.
In the case gpg needs a passphrase the --status-fd output is:
[GNUPG:] GET_HIDDEN passphrase.enter
and then you can send the data with the pipe. I know this way is
more complicated because you need two additional pipes (status,
command) but it's the tidiest way.
More information about the Gnupg-devel