Detached signature on multiple files?
Greg Strong <firstname.lastname@example.org>
Thu Aug 15 23:21:02 2002
-----BEGIN PGP SIGNED MESSAGE-----
On Thu, 15 Aug 2002, at 14:30:53 [GMT -0500] your time you wrote in
RM> I believe the FOR command works in the Win9x command interpreter as
RM> well, but I don't remember for sure. I've been using almost
RM> exclusively NT/2000/XP since 1996 - much more stable.
I checked the DOS 5.0 manual and the FOR command is in it. I would
imagine the FOR command works in Win98. It has to because the 1st
command line you gave worked. It has to do with this part:
echo passphrase|gpg --passphrase-fd 0 --detach-sign %f
When I type the full command in the output in Win98 DOS box is the
It appears gpg is NOT running. It is simply echoing the word
"PASSPHRASE" in the command. I think it has to do with how we are trying
to capture the password with the "echo" command.
So I tried the following command:
FOR %f IN (*.doc) DO gpg --passphrase-fd 0 --detach-sign %f
Now the passphrase is not asked for but gpg is looking for it in the
file descriptor 0. See output below:
D:\Email02>gpg --passphrase-fd 0 --detach-sign MON106.DOC
gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
Reading passphrase from file descriptor 0 ...
It is doing this for every *.doc file in the directory. So what command
has to be included so that gpg asks and stores the password in file
descriptor 0 for the subsequent files.
RM> The problem with providing the passphrase via pipe is that it is
RM> plainly visible on screen when you type it on the command line. It
RM> would probably be best to set this up as a batch file that takes the
RM> passphrase as a parameter, and then puts it into the FOR command.
RM> Or, better yet, write a Windows Scripting Host file (wither VBscript
RM> or Jscript) that reads the user password in a secure fashion;
RM> windows scripting is not too difficult a thing to pick up.
I like to do things in steps. Obviously there is a problem, but what.
When attempting to figure out I think about section 4.14, "How can I use
GnuPG in an automated environment" in the GPG FAQ.txt file. I already
have multiple signing with your 1st command looking at separate key
rings with no password on the key. So this all maybe a mute point.
>>I am no programmer but do enjoy learning, so my question is what is
>>stdin? Is this some temporary file on Win2k or NT machine where the
>>passphrase is stored?
RM> This is a feature that shows the UNIX & CP/M roots of the DOS
RM> command shell (although there is no DOS in Windows NT/2000/XP, the
RM> command interface is very similar). Stdin is "standard input", the
RM> primary means of user interaction, usually the keyboard. There is
RM> also stdout, which is usually the console, and stderr, which is also
RM> usually the console. However, any of these can be redirected to
RM> something else, like files or even other programs. This is what the
RM> pipe (|) operator does in the command line I gave you: it makes the
RM> output of "echo" the standard in (i.e. keyboard) for gpg; which is
RM> looking for the passphrase on its stdin.
Thanks, good to know.
RM> As another example, the > operator on the command line makes stdout
RM> a file. Try: echo "Howdy partner" > howdy.txt And look at the
RM> resulting file.
I've used the > operator to re-direct to a text file in the past.
Thanks for the help.
TB! v1.62/Beta1 on Windows 98
PGP public keys:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.1.91 (MingW32) - GPGshell v2.45
Comment: Greg Strong (Email Mail Lists KeyID 0xB1FE63FA)
-----END PGP SIGNATURE-----