Reading passphrase from an environment variable.

Janusz A. Urbanowicz alex at
Fri Jan 3 00:47:02 CET 2003

David Shaw napisał[a]/wrote/schrieb:
> On Thu, Jan 02, 2003 at 03:34:02PM -0800, John Mathew wrote:
> > 
> > 
> > Hi,
> > 
> > Whenever I decrypt or encrypt using GPG it prompts for the passphrase.  I
> > would like to set the passphrase in a UNIX environment variable and every
> > time GPG should read from this variable. The idea is to run decryption and
> > encryption using shell scripts which does not require any prompting.
> There are many reasons why this is a bad idea security-wise, the most
> notable is that any other user on the box can see your environment,
> and hence your passphrase.
> However, if these reasons do not apply to your situation:
>   echo $passphrase | gpg --passphrase-fd 0 ......
> The --passphrase-fd option will read the passphrase from whatever fd
> is specified during GnuPG startup.

IMO it's better to suggest:

   cat $passphrasefile | gpg --passphrase-fd 0 

- it doesn't make the passphrase visible in ps output in any way.


More information about the Gnupg-devel mailing list