Reading passphrase from an environment variable.
Janusz A. Urbanowicz
alex at FUCKUP.fantastyka.net
Fri Jan 3 00:47:02 CET 2003
David Shaw napisał[a]/wrote/schrieb:
> On Thu, Jan 02, 2003 at 03:34:02PM -0800, John Mathew wrote:
> > Hi,
> > Whenever I decrypt or encrypt using GPG it prompts for the passphrase. I
> > would like to set the passphrase in a UNIX environment variable and every
> > time GPG should read from this variable. The idea is to run decryption and
> > encryption using shell scripts which does not require any prompting.
> There are many reasons why this is a bad idea security-wise, the most
> notable is that any other user on the box can see your environment,
> and hence your passphrase.
> However, if these reasons do not apply to your situation:
> echo $passphrase | gpg --passphrase-fd 0 ......
> The --passphrase-fd option will read the passphrase from whatever fd
> is specified during GnuPG startup.
IMO it's better to suggest:
cat $passphrasefile | gpg --passphrase-fd 0
- it doesn't make the passphrase visible in ps output in any way.
More information about the Gnupg-devel