Passphrase as parameter in the command line

Frank Tobin ftobin@neverending.org
Fri Jan 4 18:10:02 2002


ritter, horst (EDS CH), at 16:37 -0000 on 2002-01-04, wrote:

> How can I give gpg the passphrase as parameter in the commandline to
> decrypt files, instead of typing it in after GPG's request?  I need this
> to automatically process a lot of files under UNIX, managed by a
> self-written program.

You don't give the passphrase as an argument to GnuPG.  GnuPG's policy
(which I don't agree with) is that you must pass in such sensitive data on
a filehandle, namely --passphrase-fd.  See the manpage on this option for
details.

The policy is due to a unixism that command-line parameters are often (but
not always) globally viewable by tools such as ps.  Sort of a 'save the
users from themselves'.  Not that I agree with the approach, though.

-- 
Frank Tobin		http://www.neverending.org/~ftobin/
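
Added example, not part of the original message: a batch-decryption wrapper that hands the passphrase to gpg on file descriptor 3 via --passphrase-fd, so it never appears in the argument list that ps shows. The function names and the GPG_BIN override are hypothetical; --pinentry-mode loopback is needed by GnuPG 2.1 and later and must be dropped for GnuPG 1.x.

```shell
#!/bin/sh
# Added example. GPG_BIN is a hypothetical override so the wrapper can be
# exercised against a stand-in binary without a real keyring.
GPG_BIN="${GPG_BIN:-gpg}"

# decrypt_one PASSFILE INFILE OUTFILE
# Feeds the passphrase to gpg on file descriptor 3 instead of argv.
decrypt_one() {
    passfile=$1 infile=$2 outfile=$3

    # Refuse a passphrase file with any group/other permission bits set:
    # that would expose the secret as widely as a command-line argument.
    perms=$(ls -ln "$passfile" | cut -c5-10)
    [ "$perms" = "------" ] || {
        echo "$passfile: must not be accessible to group/other" >&2
        return 2
    }

    # --batch               never prompt on the terminal
    # --pinentry-mode ...   GnuPG 2.1+ only; remove this option for GnuPG 1.x
    # --passphrase-fd 3     read the passphrase (first line) from fd 3
    "$GPG_BIN" --batch --pinentry-mode loopback --passphrase-fd 3 \
        --output "$outfile" --decrypt "$infile" 3<"$passfile"
}

# decrypt_all PASSFILE FILE.gpg...
# Decrypts each FILE.gpg to FILE; succeeds only if every file decrypted.
decrypt_all() {
    passfile=$1
    shift
    failed=0
    for f in "$@"; do
        decrypt_one "$passfile" "$f" "${f%.gpg}" || failed=$((failed + 1))
    done
    [ "$failed" -eq 0 ]
}
```

Typical use is `decrypt_all "$HOME/.secrets/pass" /data/in/*.gpg` with the passphrase file at mode 0600 (paths here are constructed for illustration).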