Suppressing passphrase prompt

Leigh S. Jones kr6x@kr6x.com
Sat Jun 22 07:17:01 2002


This is a multi-part message in MIME format.

------=_NextPart_000_0014_01C21972.C8728630
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Re: Suppressing passphrase promptDavid T-G writes:

Hey, you experts on the list -- am I the only one who is astonished and=20
appalled at people putting their passphrases in code somewhere?  Am I=20
wrong and hard-coding is somehow safer than a guarded key?=20

Well, I'm not one of those experts, but I also don't read "passphrases =
in=20
code" into these questions.

I myself am a lover of Linux, but being compelled to use Windows NT and
Win2K at work and having it available at home has made me sensitive to
the issues affecting the Windows users. =20

I use gpg at work, not for encryption, but for very real, honest-to-god=20
nonrepudiation tasks.  And Windows is the forced environment.  Just by
happenstance it's necessary for the secret key passphrase to be entered
into the GUI a half an hour before the document being digitally signed =
is
actually created, so the testing of the passphrase and storage (until =
use)=20
in protected memory is dictated.

Most of these automated decryption questions involve people whose=20
tasks are no more complex than decrypting all  files on a directory
while they work, then encrypting before they step away.  Few have the
relative security of a Unix/Linux system protecting their secret key =
rings,
and most have their root directory trees shared as administrative shares
so that absolutely anyone in the IT department at their companies can
read and alter everything at will.

These environments are never really safe against attacks like secretly=20
implanted keystroke capturing programs, so protection is not certain,
but sometimes a little protection can be a lot better than none.

PGP has a feature variously known as "cache passphrase" or "single
sign-on" that very effectively provides for most of these requirements,
and the GnuPG Agent seeks to fill this need.  But I find it relatively
satisfying that there is a programming interface built into gpg that
makes it possible to pipe the passphrase into the program in relative
security allowing gpg to be manipulated fully by GUI front ends.  This
is much more satisfying than the PGP command-line approach where
the passphrase is actually placed onto the command line in a most
insecure fashion.

But the hardcoded password is only one of the variously insecure=20
options being considered by the gpg users who pose these questions,
so it's probably not a good idea to fixate on this one.
  ----- Original Message -----=20
  From: David T-G=20
  To: GnuPG Users' List=20
  Cc: Steven Handleman=20
  Sent: Friday, June 21, 2002 8:15 PM
  Subject: Re: Suppressing passphrase prompt


  Steven, et al --=20

  ...and then Steven Handleman said...=20
  %=20
  % Hi All,=20

  Hello!=20



  %=20
  % I am a new user to GPG and I am hoping that someone on this list can =

  % provide an easy answer to this.  When I try to sign & encrypt a file =
(--sign --=20
  % encrypt --armor), gpg prompts me for a passphrase for my secret key. =
 Is=20
  % there any way to suppress this prompt?  I need to suppress it =
because the=20
  % encryption is going to become part of an automated batch file.=20

  If you don't have to sign then you won't need any input; encryption =
alone=20
  doesn't require a passphrase.=20

  If you do have to sign, it seems to me at least as secure to use a key =

  with no passphrase as it does to put your passphrase in code somewhere =

  (which sounds horribly insecure, with nowhere to go but up), so null =
it=20
  out (perhaps make a new key specifically for this purpose) and sign =
away.=20

  Hey, you experts on the list -- am I the only one who is astonished =
and=20
  appalled at people putting their passphrases in code somewhere?  Am I=20
  wrong and hard-coding is somehow safer than a guarded key?=20



  %=20
  % TIA,=20
  % Steven Handleman=20
  % IT Manager=20
  % Geewax, Terker and Co.=20
  % systems@geewax.com=20



  HTH & HAND=20

  :-D=20
  --=20
  David T-G                      * It's easier to fight for one's =
principles=20
  (play) davidtg@justpickone.org * than to live up to them. -- fortune =
cookie=20
  (work) davidtgwork@justpickone.org=20
  http://www.justpickone.org/davidtg/    Shpx gur Pbzzhavpngvbaf Qrprapl =
Npg!=20


------=_NextPart_000_0014_01C21972.C8728630
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD><TITLE>Re: Suppressing passphrase prompt</TITLE>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2712.300" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff><FONT face=3DArial size=3D2>
<P><FONT size=3D2>David T-G writes:</FONT></P>
<P><FONT size=3D2>Hey, you experts on the list -- am I the only one who =
is=20
astonished and</FONT> <BR><FONT size=3D2>appalled at people putting =
their=20
passphrases in code somewhere?&nbsp; Am I</FONT> <BR><FONT =
size=3D2>wrong and=20
hard-coding is somehow safer than a guarded key?</FONT> </P>
<DIV>Well, I'm not one of those experts, but I also don't read =
"passphrases in=20
</DIV>
<DIV>code" into these questions.</DIV>
<DIV>&nbsp;</DIV>
<DIV>I myself am a lover of Linux, but being compelled to use Windows NT =

and</DIV>
<DIV>Win2K at work and having it available at home has made me sensitive =

to</DIV>
<DIV>the issues affecting the Windows users.&nbsp; </DIV>
<DIV>&nbsp;</DIV>
<DIV>I use gpg at work, not for encryption, but for very real, =
honest-to-god=20
</DIV>
<DIV>nonrepudiation tasks.&nbsp; And Windows is the forced =
environment.&nbsp;=20
Just by</DIV>
<DIV>happenstance it's necessary for the secret key passphrase to be=20
entered</DIV>
<DIV>into the GUI a half an hour before the document being digitally =
signed=20
is</DIV>
<DIV>actually created, so the testing of the passphrase=20
and&nbsp;storage&nbsp;(until use) </DIV>
<DIV>in protected memory is dictated.</DIV>
<DIV>&nbsp;</DIV>
<DIV>Most of these automated decryption questions involve people whose =
</DIV>
<DIV>tasks are no more complex than decrypting all&nbsp; files&nbsp;on a =

directory</DIV>
<DIV>while they work, then encrypting&nbsp;before they step away.&nbsp; =
Few have=20
the</DIV>
<DIV>relative security of a Unix/Linux system protecting their secret =
key=20
rings,</DIV>
<DIV>and most have their root directory trees shared as administrative=20
shares</DIV>
<DIV>so that absolutely anyone in the IT department at their companies =
can</DIV>
<DIV>read and alter everything at will.</DIV>
<DIV>&nbsp;</DIV>
<DIV>These environments are never really safe against&nbsp;attacks like =
secretly=20
</DIV>
<DIV>implanted keystroke capturing programs, so protection is not =
certain,</DIV>
<DIV>but sometimes&nbsp;a little&nbsp;protection&nbsp;can be&nbsp;a lot =
better=20
than none.</DIV>
<DIV>&nbsp;</DIV>
<DIV>PGP has a feature variously known as "cache passphrase" or =
"single</DIV>
<DIV>sign-on"&nbsp;that very effectively provides for most of these=20
requirements,</DIV>
<DIV>and the GnuPG Agent seeks to&nbsp;fill this need.&nbsp; But I find =
it=20
relatively</DIV>
<DIV>satisfying that there is a programming interface built into gpg =
that</DIV>
<DIV>makes it possible to pipe the passphrase into the program in =
relative</DIV>
<DIV>security allowing gpg to be manipulated fully by GUI front =
ends.&nbsp;=20
This</DIV>
<DIV>is much more satisfying than the PGP command-line approach =
where</DIV>
<DIV>the passphrase is actually placed onto the command line in a =
most</DIV>
<DIV>insecure fashion.</DIV>
<DIV>&nbsp;</DIV>
<DIV>But the hardcoded password is only one of the variously insecure =
</DIV>
<DIV>options being considered by the gpg users who pose these =
questions,</DIV>
<DIV>so it's probably not a good idea to fixate on this =
one.</DIV></FONT>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
  <DIV style=3D"FONT: 10pt arial">----- Original Message ----- </DIV>
  <DIV=20
  style=3D"BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: =
black"><B>From:</B>=20
  <A title=3Ddavidtg-gnupg@justpickone.org=20
  href=3D"mailto:davidtg-gnupg@justpickone.org">David T-G</A> </DIV>
  <DIV style=3D"FONT: 10pt arial"><B>To:</B> <A =
title=3Dgnupg-users@gnupg.org=20
  href=3D"mailto:gnupg-users@gnupg.org">GnuPG Users' List</A> </DIV>
  <DIV style=3D"FONT: 10pt arial"><B>Cc:</B> <A =
title=3Dshandleman@geewax.com=20
  href=3D"mailto:shandleman@geewax.com">Steven Handleman</A> </DIV>
  <DIV style=3D"FONT: 10pt arial"><B>Sent:</B> Friday, June 21, 2002 =
8:15 PM</DIV>
  <DIV style=3D"FONT: 10pt arial"><B>Subject:</B> Re: Suppressing =
passphrase=20
  prompt</DIV>
  <DIV><BR></DIV>
  <P><FONT size=3D2>Steven, et al --</FONT> </P>
  <P><FONT size=3D2>...and then Steven Handleman said...</FONT> =
<BR><FONT size=3D2>%=20
  </FONT><BR><FONT size=3D2>% Hi All,</FONT> </P>
  <P><FONT size=3D2>Hello!</FONT> </P><BR>
  <P><FONT size=3D2>% </FONT><BR><FONT size=3D2>% I am a new user to GPG =
and I am=20
  hoping that someone on this list can </FONT><BR><FONT size=3D2>% =
provide an easy=20
  answer to this.&nbsp; When I try to sign &amp; encrypt a file (--sign=20
  --</FONT> <BR><FONT size=3D2>% encrypt --armor), gpg prompts me for a =
passphrase=20
  for my secret key.&nbsp; Is </FONT><BR><FONT size=3D2>% there any way =
to=20
  suppress this prompt?&nbsp; I need to suppress it because the =
</FONT><BR><FONT=20
  size=3D2>% encryption is going to become part of an automated batch =
file.</FONT>=20
  </P>
  <P><FONT size=3D2>If you don't have to sign then you won't need any =
input;=20
  encryption alone</FONT> <BR><FONT size=3D2>doesn't require a =
passphrase.</FONT>=20
  </P>
  <P><FONT size=3D2>If you do have to sign, it seems to me at least as =
secure to=20
  use a key</FONT> <BR><FONT size=3D2>with no passphrase as it does to =
put your=20
  passphrase in code somewhere</FONT> <BR><FONT size=3D2>(which sounds =
horribly=20
  insecure, with nowhere to go but up), so null it</FONT> <BR><FONT =
size=3D2>out=20
  (perhaps make a new key specifically for this purpose) and sign =
away.</FONT>=20
  </P>
  <P><FONT size=3D2>Hey, you experts on the list -- am I the only one =
who is=20
  astonished and</FONT> <BR><FONT size=3D2>appalled at people putting =
their=20
  passphrases in code somewhere?&nbsp; Am I</FONT> <BR><FONT =
size=3D2>wrong and=20
  hard-coding is somehow safer than a guarded key?</FONT> </P><BR>
  <P><FONT size=3D2>% </FONT><BR><FONT size=3D2>% TIA,</FONT> <BR><FONT =
size=3D2>%=20
  Steven Handleman</FONT> <BR><FONT size=3D2>% IT Manager</FONT> =
<BR><FONT=20
  size=3D2>% Geewax, Terker and Co.</FONT> <BR><FONT size=3D2>%=20
  systems@geewax.com</FONT> </P><BR>
  <P><FONT size=3D2>HTH &amp; HAND</FONT> </P>
  <P><FONT size=3D2>:-D</FONT> <BR><FONT size=3D2>-- </FONT><BR><FONT =
size=3D2>David=20
  =
T-G&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=20
  * It's easier to fight for one's principles</FONT> <BR><FONT =
size=3D2>(play)=20
  davidtg@justpickone.org * than to live up to them. -- fortune =
cookie</FONT>=20
  <BR><FONT size=3D2>(work) davidtgwork@justpickone.org</FONT> <BR><FONT =
size=3D2><A=20
  href=3D"http://www.justpickone.org/davidtg/"=20
  =
target=3D_blank>http://www.justpickone.org/davidtg/</A>&nbsp;&nbsp;&nbsp;=
 Shpx=20
  gur Pbzzhavpngvbaf Qrprapl Npg!</FONT> </P></BLOCKQUOTE></BODY></HTML>

------=_NextPart_000_0014_01C21972.C8728630--