--passphrase and command line
hymie at lactose.homelinux.net
Wed Jan 14 17:23:55 CET 2015
Can you please expand on your answer?
Werner Koch <wk <at> gnupg.org> writes:
> On Wed, 14 Jan 2015 15:39, hymie <at> lactose.homelinux.net said:
> > Can this feature be added to the "--passphrase" option of gpg? It's my
> The only reason to use --passphrase is for symmetric encryption and for
> regression tests.
I'm intrigued by your claim that this is "the only reason". I'm sure that
some people can think of other reasons.
> For the former --passphrase-file and --passphrase-fd
> is what you actually want to use.
You are claiming that writing my key to a file on my disk is more secure?
I agree that --passphrase-fd is probably the best option. In my particular
use-case, it comes with an unfortunate side-effect that I'm hoping to avoid.
> If you do public key decryption/signing there is no need for a
> passphrase - just do not set one for your key. It is useless and only
> needed by check mark style security policies .
I'm sorry... "Don't set a passphrase on my key" ? How is that possibly a
More information about the Gnupg-devel