gpg question

Jerry Windrel jerry.windrel at verizon.net
Mon Jun 21 14:49:20 CEST 2004


I think you have to put the passphrase in a file and pass it into gpg
through the file descriptor number (not the file name).  This is for
security reasons.  Command lines are sometimes logged and also often visible
by non-privileged users (through the "ps" command for example), so it's bad
to put passphrases in them.

Some people have suggested that if you have a need to store a pass phrase
for a script, you should just delete the pass phrase from the private key
and rely solely on the security of the file containing the private key,
since the pass phrase in that case is just causing extra complexity without
adding any extra security.


----- Original Message ----- 
From: <Derek.Hagen at mhccom.com>
To: <gnupg-devel at gnupg.org>
Sent: Friday, June 18, 2004 12:06 PM
Subject: gpg question


> I am using GPG and want to send a passphrase through a command line
> argument.  For example right now we have:
>
> "c:\program files\gnu\gnu pgp\GPG.EXE" -o "C:\Program Files\Document
> Express\ppay.GPG" --force-v3-sigs --sign --armor --text --encrypt
> --recipient FletBston "C:\Program Files\Document Express\ppay.pay keith"
>
> When this line is executed we get a box up asking for the passphrase.  We
> want to be able to ignore this and put the passphrase in the above command
> line argument so that the box does not come up.
>
> Any help would be greatly appreciated.
>
> thanks
> derek
> MHC Software
>
> _______________________________________________
> Gnupg-devel mailing list
> Gnupg-devel at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-devel
>
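
Added example, not part of either message above and not GnuPG project code: a Python wrapper that hands gpg the passphrase file as an open descriptor (fd 0, via --passphrase-fd 0) so the secret never reaches the command line that "ps" or a command log would show. The function names are hypothetical, the permission check applies to POSIX file modes only, and the demo at the bottom uses a constructed passphrase and a stand-in child process instead of gpg.

```python
import os
import stat
import subprocess
import sys
import tempfile

def gpg_argv(recipient, infile, outfile, gpg="gpg"):
    """gpg command line that names descriptor 0 (stdin), never the passphrase."""
    # GnuPG 2.1 and later also need: "--pinentry-mode", "loopback"
    return [gpg, "--batch", "--passphrase-fd", "0", "--output", outfile,
            "--sign", "--armor", "--encrypt", "--recipient", recipient, infile]

def check_private(path):
    """Reject a passphrase file that group or other can access (POSIX modes)."""
    mode = os.stat(path).st_mode
    if os.name == "posix" and mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} has mode {stat.filemode(mode)}")

def run_with_passphrase_file(argv, passphrase_path):
    """Run argv with the passphrase file opened as the child's stdin (fd 0)."""
    check_private(passphrase_path)
    with open(passphrase_path, "rb") as fh:
        secret = fh.readline().strip()
    # Guard: the secret must not have been put on the command line as well.
    if secret and any(secret in os.fsencode(arg) for arg in argv):
        raise ValueError("passphrase appears in the command line")
    with open(passphrase_path, "rb") as fh:
        # The child inherits the open file as descriptor 0; "ps" shows only argv.
        return subprocess.run(argv, stdin=fh, capture_output=True)

if __name__ == "__main__":
    # Constructed demo: a stand-in child reads one line from fd 0, as gpg would.
    fd, path = tempfile.mkstemp()          # created with mode 0600
    with os.fdopen(fd, "wb") as f:
        f.write(b"constructed-passphrase\n")
    child = [sys.executable, "-c", "import sys; print(len(sys.stdin.readline()))"]
    print(run_with_passphrase_file(child, path).stdout)
    print(gpg_argv("FletBston", "ppay.pay", "ppay.GPG"))
    os.unlink(path)
```

The passphrase file still has to be protected as carefully as the private key itself, which is the point of the second paragraph of the reply.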



