Passphrase as parameter in the command line

Steve Butler sbutler@fchn.com
Fri Jan 4 18:21:01 2002


NOTE:  My "default" program hands back data strings based on the host name
from which it is running.
       gpg_home returns the path to where the key rings are located.
       gpg_pass$1 returns the pass phrase identified by $1 (1st parameter on
       the command line).
       The 2nd and 3rd parameters on the command line are the input and
       output file names (including paths).


script name: gpg_decrypt

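#!/bin/ksh
# Usage: gpg_decrypt <passphrase id> <input file> <output file>
homedir=$(default gpg_home)

# Remove any previous output file, discarding all messages.
rm -f "$3" > /dev/null 2>&1
# The pass phrase reaches gpg on stdin (fd 0), never on the command line.
default "gpg_pass$1" \
  | gpg --homedir "$homedir" --passphrase-fd 0 --no-tty \
        --output "$3" --decrypt "$2"
# end of script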

Since we have two public keys (a 1024 bit one and a 2048 bit one -- we are
phasing out the 1024 bit key) we identify the pass phrases differently.  You
might prefer to have a single pass phrase and simply echo "my pass phrase"
and pipe that to gpg and use --passphrase-fd 0.

Note that our options file has these additional entries that might be
appropriate for your environment:
compress-algo 1
force-v3-sigs
batch

Usage:  gpg_decrypt 2 input_file output_file


And, no, the passphrases are not in clear text.  However, a hacker could
quickly break my simple obfuscation.  But it keeps the company non-hackers
from casually gazing on them.  My personal pass phrase is not on the box.


--Steve Butler
Oracle DBA
First Choice Health Network

(And I apologize for the forced commentary the corporate email server will
apply once this message leaves my box).



-----Original Message-----
From: ritter, horst (EDS CH) [mailto:horst.ritter-eds@eds.com]
Sent: Friday, January 04, 2002 8:38 AM
To: 'gnupg-users@gnupg.org'
Subject: Passphrase as parameter in the command line


Dear Linux community,

I have been looking for weeks for a solution to the following problem.

How can I give gpg the passphrase as a parameter on the command line to
decrypt files, instead of typing it in after GPG's request?
I need this to automatically process a lot of files under UNIX, managed by
a self-written program.

I would be grateful for any hints, or any ideas, which may lead to a
solution.

Should you have any questions, or require further information, please do not
hesitate to contact me. 

Best regards,

Horst Ritter
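
Added example, not part of the original thread: a POSIX sh variant of the approach in the reply above, reading the passphrase from an owner-only file on file descriptor 3 instead of piping it to stdin. `GPG_BIN`, `pass_file_is_private`, `decrypt_one` and the passphrase file are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the original post). GPG_BIN and the passphrase
# file are assumptions; the post's "default" lookup program is not reproduced.
GPG_BIN=${GPG_BIN:-gpg}

# Succeed only if $1 is a regular file with no group/other permission bits.
pass_file_is_private() {
    [ -f "$1" ] || return 1
    case $(ls -ld "$1") in
        -???------*) return 0 ;;
        *) return 1 ;;
    esac
}

# decrypt_one PASSFILE INPUT OUTPUT
# Returns 0 on success, 1 if gpg fails, 2 if the passphrase file is unsafe.
decrypt_one() {
    pass_file=$1 in_file=$2 out_file=$3
    if ! pass_file_is_private "$pass_file"; then
        echo "refusing: $pass_file missing or accessible to group/other" >&2
        return 2
    fi
    (
        umask 077                      # plaintext output is owner-only
        rm -f -- "$out_file"
        # fd 3 carries the passphrase, so it is never in argv (ps output)
        # or the environment, and stdin stays free for other input.
        # --pinentry-mode loopback is needed by GnuPG 2.1+; remove it on
        # versions that do not know the option.
        "$GPG_BIN" --batch --no-tty --pinentry-mode loopback \
            --passphrase-fd 3 --output "$out_file" --decrypt "$in_file" \
            3<"$pass_file"
    ) || { rm -f -- "$out_file"; return 1; }
}
```

Call it once per file from the batch job, for example `decrypt_one "$HOME/.gpg_pass" in.gpg out.txt`; a non-zero return means no output file was left behind.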

