sending interactive passwords

Adam M. adamm at san.rr.com
Mon Jun 30 03:56:48 CEST 2008


I just discovered --command-fd. It's pretty poorly documented, but it 
seems to do the trick. Excellent! Sorry for the "unnecessary" posts, but 
I searched the archives and didn't find a solution.

Hopefully this will help the next person.


Adam M. wrote:
> Adam M. wrote:
>> It seems to me that it is impossible to send multiple passwords to GPG
>> without direct user interaction on a TTY...
> 
> It's even worse with decryption, because I don't know beforehand which 
> key's password to ask for, or whether a key will be used at all (the 
> data might have been symmetrically encrypted).
> 
> I suppose the thing to do is run GPG first, let it fail, try to figure 
> out which password to ask for, and then run it again. But then I can't 
> support arbitrary data streams (for instance network streams) because 
> they can't necessarily be read, rewound, and read again. I could write 
> them to a temp file on disk, but I prefer not to leave bits on the hard 
> drive unnecessarily.
> 
> I think it would really complete the GPG interface to have interactive 
> password querying. It already issues NEED_PASSPHRASE* messages on the 
> status-fd stream, so we just need a way to answer those prompts...
> 
> Am I missing some obvious downside? Should I code this and send a patch? 
> Is this something that the developers don't want in GPG?
> 
> Thanks,
> -- Adam
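
The exchange described in the message above, as an added example (not code from the original post or from GnuPG): a small Python state machine that reads `--status-fd` lines and produces the answers to write to `--command-fd`. The `GET_HIDDEN passphrase.enter` prompt keyword is GnuPG's; the names `replies`, `ask` and `demo` and the sample transcript are constructed for illustration.

```python
PREFIX = "[GNUPG:] "

def replies(status_lines, ask):
    """Yield one --command-fd line per passphrase prompt seen on --status-fd.

    ask(kind, key_ids) returns the passphrase; kind is "key" or "symmetric".
    """
    pending = None  # what the next passphrase prompt is for
    for line in status_lines:
        if not line.startswith(PREFIX):
            continue
        fields = line[len(PREFIX):].split()
        if not fields:
            continue
        if fields[0] == "NEED_PASSPHRASE":
            # The two long key IDs GnuPG reports: the primary key and the
            # key that actually has to be unlocked.
            pending = ("key", tuple(fields[1:3]))
        elif fields[0] == "NEED_PASSPHRASE_SYM":
            pending = ("symmetric", ())
        elif fields[0].startswith("GET_"):
            # Fail loudly on any prompt we cannot answer instead of leaving
            # gpg blocked on the command fd.
            if fields[1:2] != ["passphrase.enter"] or pending is None:
                raise ValueError("unanswerable prompt: " + line.strip())
            yield ask(*pending) + "\n"
            pending = None

# Constructed transcript (not captured from a real run): one key-protected
# prompt followed by one symmetric prompt.
SAMPLE = [
    "[GNUPG:] USERID_HINT 1111111111111111 Example User <user@example.org>\n",
    "[GNUPG:] NEED_PASSPHRASE 1111111111111111 2222222222222222 1 0\n",
    "[GNUPG:] GET_HIDDEN passphrase.enter\n",
    "[GNUPG:] GOT_IT\n",
    "[GNUPG:] NEED_PASSPHRASE_SYM 9 3 2\n",
    "[GNUPG:] GET_HIDDEN passphrase.enter\n",
    "[GNUPG:] GOT_IT\n",
]

def demo():
    asked = []
    def ask(kind, key_ids):
        asked.append((kind, key_ids))
        return "pw-for-" + kind  # stand-in; a real caller prompts the user here
    return list(replies(SAMPLE, ask)), asked
```

In a real run the lines come from the read end of the status-fd pipe and each yielded line is written to the write end of the command-fd pipe, so the passphrase is asked for only once GnuPG reports which key (if any) it needs. GnuPG 2.1 and later additionally need `--pinentry-mode loopback` for this to work.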


