--passphrase and command line

Werner Koch wk at gnupg.org
Wed Jan 14 17:09:09 CET 2015

On Wed, 14 Jan 2015 15:39, hymie at lactose.homelinux.net said:

> Can this feature be added to the "--passphrase" option of gpg?  It's my


The only reason to use --passphrase is for symmetric encryption and for
regression tests.  For the former, --passphrase-file and --passphrase-fd
are what you actually want to use.

If you do public key decryption/signing there is no need for a
passphrase - just do not set one for your key.  It is useless and only
needed by check mark style security policies [1].



[1] Something like this ;-):

  [ ] Machine case has no sharp edges
  [ ] Admin knows how to power on the server
  [ ] Admin knows how to escalate problems
  [ ] Password has at least 8 characters and includes a digit
  [ ] Password does not match user name
  [ ] Certificate makes the address bar green
  [ ] Some key size is at least 2048
  [ ] Audit done by 600 EUR/h consultant
  [ ] TÜV badge has not expired
  [ ] Passwords are used to protect all keys

Thoughts are free.  Exceptions are regulated by a federal law.
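
Added example, not part of the original message: symmetric encryption with the passphrase supplied through --passphrase-fd and --passphrase-file, as the reply recommends, so that it never appears in the process arguments. The function names and file paths are hypothetical, and `--batch` with `--pinentry-mode loopback` assumes GnuPG 2.1 or later.

```shell
#!/bin/sh
# Added example, not from the original message. Function names and file
# paths are hypothetical. --batch and --pinentry-mode loopback are what
# GnuPG 2.1+ expects before it honours --passphrase-fd/--passphrase-file.

# Options shared by every call: never prompt, never touch a terminal.
GPG_OPTS="--batch --yes --no-tty --pinentry-mode loopback"

# make_passfile PATH
# Reads one line from stdin and stores it in PATH. The file is created
# with mode 0600 before anything is written to it.
make_passfile() {
    ( umask 077; : >"$1" ) && chmod 600 "$1" || return 1
    IFS= read -r _pw || [ -n "$_pw" ] || return 1
    printf '%s\n' "$_pw" >"$1"
    unset _pw
}

# sym_encrypt_fd PASSFILE < plaintext > ciphertext
# The passphrase arrives on fd 3, so it is absent from the argument
# vector (ps, /proc/<pid>/cmdline, shell history). Data uses stdin/stdout.
sym_encrypt_fd() {
    gpg $GPG_OPTS --passphrase-fd 3 --symmetric --output - 3<"$1"
}

# sym_decrypt_file PASSFILE < ciphertext > plaintext
# Same idea with --passphrase-file; gpg uses only the first line of it.
sym_decrypt_file() {
    gpg $GPG_OPTS --passphrase-file "$1" --decrypt --output -
}
```

Only the path of the passphrase file or the descriptor number is visible on the command line; the secret itself is protected by the file's permissions.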
