Detached signature on multiple files?

Greg Strong
Thu Aug 15 23:21:02 2002

Hello Ryan,

On Thu, 15 Aug 2002, at 14:30:53 [GMT -0500] your time you wrote in

RM> I believe the FOR command works in the Win9x command interpreter as
RM> well, but I don't remember for sure. I've been using almost
RM> exclusively NT/2000/XP since 1996 - much more stable.

I checked the DOS 5.0 manual and the FOR command is in it. I would
imagine the FOR command works in Win98. It has to because the 1st
command line you gave worked. It has to do with this part:

echo passphrase|gpg --passphrase-fd 0 --detach-sign %f

When I type the full command in the output in Win98 DOS box is the

D:\Email02>echo PASSPHRASE

It appears gpg is NOT running. It is simply echoing the word
"PASSPHRASE" in the command. I think it has to do with how we are trying
to capture the password with the "echo" command.

So I tried the following command:

FOR %f IN (*.doc) DO gpg --passphrase-fd 0 --detach-sign %f

Now the passphrase is not asked for but gpg is looking for it in the
file descriptor 0.  See output below:

D:\Email02>gpg --passphrase-fd 0 --detach-sign MON106.DOC
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
Reading passphrase from file descriptor 0 ...

It is doing this for every *.doc file in the directory. So what command
has to be included so that gpg asks and stores the password in file
descriptor 0 for the subsequent files?

RM> The problem with providing the passphrase via pipe is that it is
RM> plainly visible on screen when you type it on the command line. It
RM> would probably be best to set this up as a batch file that takes the
RM> passphrase as a parameter, and then puts it into the FOR command.
RM> Or, better yet, write a Windows Scripting Host file (either VBscript
RM> or Jscript) that reads the user password in a secure fashion;
RM> windows scripting is not too difficult a thing to pick up.

I like to do things in steps. Obviously there is a problem, but what?
When attempting to figure it out I think about section 4.14, "How can I use
GnuPG in an automated environment" in the GPG FAQ.txt file. I already
have multiple signing with your 1st command looking at separate key
rings with no password on the key. So this all may be a moot point.

>>I am no programmer but do enjoy learning, so my question is what is
>>stdin? Is this some temporary file on Win2k or NT machine where the
>>passphrase is stored?

RM> This is a feature that shows the UNIX & CP/M roots of the DOS
RM> command shell (although there is no DOS in Windows NT/2000/XP, the
RM> command interface is very similar). Stdin is "standard input", the
RM> primary means of user interaction, usually the keyboard. There is
RM> also stdout, which is usually the console, and stderr, which is also
RM> usually the console. However, any of these can be redirected to
RM> something else, like files or even other programs. This is what the
RM> pipe (|) operator does in the command line I gave you: it makes the
RM> output of "echo" the standard in (i.e. keyboard) for gpg; which is
RM> looking for the passphrase on its stdin.

Thanks, good to know.

RM> As another example, the > operator on the command line makes stdout
RM> a file. Try:    echo "Howdy partner" > howdy.txt And look at the
RM> resulting file.

I've used the > operator to re-direct to a text file in the past.

Thanks for the help.

-- 
Best regards,

Greg Strong                     
TB! v1.62/Beta1 on Windows 98  
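
Added example, not part of the original message: one way to prompt for the passphrase once, without echoing it, and hand it to gpg on stdin for every *.doc file. The names build_command and sign_all are hypothetical, and the --batch, --yes and --pinentry-mode loopback options are assumptions that do not appear in the thread.

```python
import getpass
import glob
import subprocess


def build_command(path, loopback=False):
    """argv for one detached signature; the passphrase never appears here."""
    cmd = ["gpg", "--batch", "--yes", "--passphrase-fd", "0"]
    if loopback:
        # Assumption: GnuPG 2.1+ needs this to accept a passphrase on a descriptor.
        cmd += ["--pinentry-mode", "loopback"]
    return cmd + ["--detach-sign", path]


def sign_all(paths, passphrase, run=subprocess.run, loopback=False):
    """Sign each file and return {path: True/False}.

    Every gpg process gets its own stdin, so the passphrase is written
    again for each file; nothing is "stored" in file descriptor 0.
    """
    secret = (passphrase + "\n").encode()
    results = {}
    for path in paths:
        proc = run(build_command(path, loopback), input=secret,
                   stdout=subprocess.PIPE, stderr=subprocess.PIPE)
        results[path] = proc.returncode == 0
    return results


if __name__ == "__main__":
    files = sorted(glob.glob("*.doc"))
    # getpass reads without echo, so the passphrase is not shown on screen
    # and never becomes part of a command line.
    pw = getpass.getpass("Passphrase: ")
    for name, ok in sign_all(files, pw).items():
        print(("signed  " if ok else "FAILED  ") + name)
```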
