Reading passphrase from an environment variable.
David Shaw
dshaw at jabberwocky.com
Fri Jan 3 00:51:02 CET 2003
On Fri, Jan 03, 2003 at 12:48:02AM +0100, Janusz A. Urbanowicz wrote:
> David Shaw napisa?[a]/wrote/schrieb:
> > On Thu, Jan 02, 2003 at 03:34:02PM -0800, John Mathew wrote:
> > >
> > >
> > > Hi,
> > >
> > > Whenever I decrypt or encrypt using GPG it prompts for the passphrase. I
> > > would like to set the passphrase in a UNIX environment variable and every
> > > time GPG should read from this variable. The idea is to run decryption and
> > > encryption using shell scripts which does not require any prompting.
> >
> > There are many reasons why this is a bad idea security-wise, the most
> > notable is that any other user on the box can see your environment,
> > and hence your passphrase.
> >
> > However, if these reasons do not apply to your situation:
> >
> > echo $passphrase | gpg --passphrase-fd 0 ......
> >
> > The --passphrase-fd option will read the passphrase from whatever fd
> > is specified during GnuPG startup.
>
> IMO it's better to suggest:
>
> cat $passphrasefile | gpg --passphrase-fd 0
>
> - it doesn't make the passphrase visible in ps output in any way.
Certainly, but if the box has no user logins at all... ;)
David
--
David Shaw | dshaw at jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson
More information about the Gnupg-devel
mailing list