Decryption Automation Question

Will Morgan gnugpghelp@mlhp.net
Sat Jul 20 20:12:01 2002


>>
That is a FAQ. Please check the list archives.
>>

How to automate gpg on Windows is certainly a FAQ, but I do not believe it
is a question answered clearly in the archives, perhaps because of different
behavior of different versions of Windows.

Check the recent thread "bad passphrase error passing it into GPG on Windows
98 using stdin" for a lot of good help on trying to pass the passphrase in
using file handles. Try the file handle translation utility Leigh wrote,
which I haven't had the time to test out.

The way I finally got automation to work from Access 2000 / Visual Basic for
Applications on Windows 98 was by writing a file to disk with the
passphrase, then writing out a batch file referencing that file, then
running the batch file with the CreateProcess API call:

Write your passphrase to a file, call it pf.txt,
then create a batch file, say dec_batch.bat, the contents of which might
look like this:

type c:\pf.txt |gpg --passphrase-fd 0 -o c:\clearout.txt --decrypt c:\encrtext.txt

Then execute the dec_batch.bat file using CreateProcess as documented on
support.microsoft.com in
KB Q129796, http://support.microsoft.com/default.aspx?scid=kb;en-us;Q129796
with a cmdline of "dec_batch.bat".

Shell() might be just as good a way to launch the batch file, as I don't
believe the exit code is passed through the batch file from gpg using this
technique... I was able to capture stdout programmatically using pipes... see
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q173085 for more on
doing that,
just could never pass the passphrase in via stdin.

Thanks to all who have responded to this question!!!

I believe the fact that out of practical need I and others are writing
passphrases out to disk is strong evidence for the wisdom of implementing a
pgp style command line passphrase option in gpg. It could well be that I am
a relatively unskilled batch programmer, and that I don't see enough of the
big picture, but I don't feel so unique among current and future gpg users.
IMHO a command line passphrase option would increase the _effective_
reliability and security of gpg.
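
Added example, not part of the original post: a Python version of the same automation that hands the passphrase to gpg over a stdin pipe (`--passphrase-fd 0`) with no passphrase file or batch file on disk, and returns gpg's exit code directly to the caller. The function name `gpg_decrypt`, its `gpg_cmd` and `extra_opts` parameters, and the use of `--batch` are assumptions of this example; the file names are the ones used in the post.

```python
import getpass
import subprocess


def gpg_decrypt(passphrase, encrypted_path, output_path,
                gpg_cmd=("gpg",), extra_opts=()):
    """Decrypt encrypted_path into output_path.

    The passphrase is written to the child's stdin through a pipe, so it is
    never stored in a file and never appears on the command line.
    gpg_cmd is the argv prefix that starts gpg (hypothetical parameter, lets
    callers point at a specific binary). extra_opts are inserted before the
    command; GnuPG 2.1 and later need ("--pinentry-mode", "loopback") here
    for --passphrase-fd to be honoured.
    Returns (exit_code, stderr_text).
    """
    argv = [*gpg_cmd, "--batch", *extra_opts,
            "--passphrase-fd", "0",          # read the passphrase from stdin
            "-o", output_path,
            "--decrypt", encrypted_path]
    # argv is passed as a list (no shell, no batch file), so the exit code
    # seen here is gpg's own and is not swallowed by an intermediate script.
    proc = subprocess.run(
        argv,
        input=passphrase.encode("utf-8") + b"\n",
        stdout=subprocess.PIPE,
        stderr=subprocess.PIPE,
    )
    return proc.returncode, proc.stderr.decode("utf-8", "replace")


if __name__ == "__main__":
    # Prompt instead of reading c:\pf.txt; paths are those from the post.
    secret = getpass.getpass("Passphrase: ")
    code, err = gpg_decrypt(secret, r"c:\encrtext.txt", r"c:\clearout.txt")
    if code != 0:
        print("gpg failed with exit code", code)
        print(err)
```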