gpg question

Jerry Windrel jerry.windrel at verizon.net
Mon Jun 21 14:52:12 CEST 2004


I would further suggest that the user id of the key used by the script
should not be labeled with any person's name but rather with the name of the
server, web site, program, etc. that is using it.  That way, people who see
the key will know that it may not be as secure as it would normally be,
since a program is in control of it, not a person.


----- Original Message ----- 
From: "Jerry Windrel" <jerry.windrel at verizon.net>
To: <Derek.Hagen at mhccom.com>; <gnupg-devel at gnupg.org>
Sent: Monday, June 21, 2004 8:49 AM
Subject: Re: gpg question


> I think you have to put the passphrase in a file and pass it into gpg
> through the file descriptor number (not the file name).  This is for
> security reasons.  Command lines are sometimes logged and also often visible
> by non-privileged users (through the "ps" command for example), so it's bad
> to put passphrases in them.
>
> Some people have suggested that if you have a need to store a pass phrase
> for a script, you should just delete the pass phrase from the private key
> and rely solely on the security of the file containing the private key,
> since the pass phrase in that case is just causing extra complexity without
> adding any extra security.
>
>
> ----- Original Message ----- 
> From: <Derek.Hagen at mhccom.com>
> To: <gnupg-devel at gnupg.org>
> Sent: Friday, June 18, 2004 12:06 PM
> Subject: gpg question
>
>
> > I am using GPG and want to send a passphrase through a command line
> > argument.  For example right now we have:
> >
> > "c:\program files\gnu\gnu pgp\GPG.EXE" -o "C:\Program Files\Document
> > Express\ppay.GPG" --force-v3-sigs --sign --armor --text --encrypt
> > --recipient FletBston "C:\Program Files\Document Express\ppay.pay keith"
> >
> > When this line is executed we get a box up asking for the passphrase.  We
> > want to be able to ignore this and put the passphrase in the above command
> > line argument so that the box does not come up.
> >
> > Any help would be greatly appreciated.
> >
> > thanks
> > derek
> > MHC Software
> >
> > _______________________________________________
> > Gnupg-devel mailing list
> > Gnupg-devel at gnupg.org
> > http://lists.gnupg.org/mailman/listinfo/gnupg-devel
> >
>
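
The file-descriptor approach described in the reply above, as an added example that is not part of the original thread: a Python wrapper opens the passphrase file as the child's fd 0 and runs gpg with `--batch --passphrase-fd 0`, so the passphrase never appears on the command line. The function names, the shortened file names and the stand-in child (used so the demo runs without gpg or a key) are assumptions; `--force-v3-sigs` and `--text` from the original command are left out.

```python
import json
import os
import subprocess
import sys
import tempfile

def build_gpg_argv(gpg_cmd, recipient, infile, outfile, loopback=True):
    """Build the sign+encrypt command line; the passphrase is never part of it."""
    argv = list(gpg_cmd) + ["--batch", "--yes", "--passphrase-fd", "0"]
    if loopback:
        # GnuPG 2.1 and later honour --passphrase-fd only with loopback pinentry.
        argv += ["--pinentry-mode", "loopback"]
    return argv + ["--output", outfile, "--armor", "--sign", "--encrypt",
                   "--recipient", recipient, infile]

def sign_encrypt(passphrase_path, recipient, infile, outfile,
                 gpg_cmd=("gpg",), loopback=True):
    """Run gpg with the passphrase file opened as the child's fd 0 (stdin)."""
    with open(passphrase_path, "rb") as pf:
        return subprocess.run(
            build_gpg_argv(gpg_cmd, recipient, infile, outfile, loopback),
            stdin=pf, capture_output=True, check=False)

# Constructed stand-in for gpg: it reports what it received on argv and fd 0.
STAND_IN = (sys.executable, "-c",
            "import sys, json; print(json.dumps({'argv': sys.argv[1:], "
            "'stdin': sys.stdin.readline().strip()}))")

def demo(passphrase="constructed-example-passphrase"):
    """Return what the child saw on its command line and on fd 0."""
    fd, path = tempfile.mkstemp()  # created with owner-only permissions on POSIX
    try:
        with os.fdopen(fd, "w") as f:
            f.write(passphrase + "\n")
        done = sign_encrypt(path, "FletBston", "ppay.pay", "ppay.GPG",
                            gpg_cmd=STAND_IN)
        return json.loads(done.stdout)
    finally:
        os.remove(path)

if __name__ == "__main__":
    seen = demo()
    print("on command line:", seen["argv"])
    print("passphrase arrived on fd 0:",
          seen["stdin"] == "constructed-example-passphrase")
```

With a real key, call `sign_encrypt` with the default `gpg_cmd` and restrict the passphrase file to the account that runs the script.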



