Suppressing passphrase prompt

Clough, Samuel Samuel_Clough@invesco.com
Fri Jun 21 20:46:01 2002


To get around the passphrase prompt on NT:
As someone else pointed out, you can use --passphrase-fd n to pass a file
descriptor.  Unfortunately, file descriptors are more the realm of Unix type
systems than Windows.  I think this does work on Windows if you can get the
proper system file handle which, as I understand it, is not too difficult in
C++ or C.  Unfortunately, all I have available to work with is VB.  I tried
a few APIs to get the correct system file handle to pass and it was never
the correct one.  (If someone knows the correct API, I would love to have
it).
That left me with --passphrase-fd 0 which is the common input.  I tried to
pipe the password a la Unix, but while Dos does support pipes to an extent,
that did not work.  I finally found deep in the mail archives the following:
use --passphrase-fd 0 and redirect the password file on the end using <
passfile.txt.  In other words:

    c:\gnupg\gpg -o outputfile.txt --passphrase-fd 0 --decrypt c:\test.txt < password.txt

Dos will read the password file and use it properly. This is
the only way I have found to do it outside of a C solution.
It is a little ugly, but I implemented it by building a COM component in VB
that first defines tmp files.  1 for the password if necessary, 1 for the
source file to decrypt, 1 for a .bat file, and 1 for the decrypted or
encrypted output.  Then, I build the proper command string and put it in the
bat file.  Next, I run the bat file with the createprocess api and wait for
it to finish.  I then check for an exit code of 0 (In limited testing gpg
almost always produced 0), but to really verify I check the size of the
output file.  Then I delete all temp files immediately whether the process
worked or not.
It is ugly, but it does provide an automated solution which is pretty
invisible to the developer since all they do is use the methods on the dll.
Another solution is to remove the password on your secret key.  This is
probably the best solution since I have some vb code I downloaded that lets
you open a pipe, run a command, and parse the output which would let you
know if it really worked.  Unfortunately, the pipe gets confused with me
redirecting the password so I cannot use that with the above.  I'm not
really sure it is much more unsecure than the above anyway.
HTH,
Samuel
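
The --passphrase-fd 0 approach described above can be driven without a password file or a .bat file by writing the passphrase straight into gpg's standard input through a pipe. The sketch below is an added example, not code from the original post; the function names `build_argv` and `decrypt` and the `loopback` parameter are assumptions made for illustration, and it applies the same two success checks the post describes (exit code 0 and a non-empty output file).

```python
import os
import subprocess


def build_argv(gpg, source, output, loopback=True):
    """Return the gpg command line; the passphrase never appears in it."""
    argv = list(gpg) + ["--batch", "--yes"]
    if loopback:
        # GnuPG 2.1+ only honours --passphrase-fd in loopback pinentry mode;
        # pass loopback=False for GnuPG 1.x, which lacks this option.
        argv += ["--pinentry-mode", "loopback"]
    return argv + ["--passphrase-fd", "0", "-o", output, "--decrypt", source]


def decrypt(source, output, passphrase, gpg=("gpg",), loopback=True):
    """Decrypt source to output, feeding the passphrase through a pipe on fd 0.

    Returns True only if gpg exited 0 and left a non-empty output file,
    the same two checks the post describes.
    """
    proc = subprocess.run(
        build_argv(gpg, source, output, loopback),
        input=(passphrase + "\n").encode(),  # goes to gpg's stdin, not to disk
        stdout=subprocess.PIPE,
        stderr=subprocess.PIPE,
    )
    ok = (proc.returncode == 0
          and os.path.isfile(output)
          and os.path.getsize(output) > 0)
    if not ok and os.path.exists(output):
        os.remove(output)  # do not leave stale or partial plaintext behind
    return ok
```

Because the passphrase travels only over the pipe, it is not exposed in the process command line or in a temporary file that has to be deleted afterwards.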