gnupg to encrypt files in a batch processes
Helmut Waitzmann
Helmut.Waitzmann@web.de
Wed Mar 20 14:51:01 2002
Armin Sch=F6ch <schoech@iap-kborn.de> writes:
>> Is the solution to use the --passphrase-fd option?? Where can I find
>> documentation on this?
>>
>> gpg -s -e -o - --batch --yes --passphrase-fd n -r myemail@mycompany.com
>> /usr/local/BatchMail/mailbox/TestFileMsg
>
>This would be your command
>
>echo PASSPHRASE | gpg -s -e -o - --batch --yes --passphrase-fd 0 -r
>myemail@mycompany.com /usr/local/BatchMail/mailbox/TestFileMsg
That's unsecure: If "echo" is an external program, then
everybody having shell access to the machine can spy out the
PASSPHRASE using the "ps" program.
I recommend to do it like this:
put the PASSPHRASE into a file, for example
/usr/local/BatchMail/passphrase, and then use the command
gpg -s -e -o - --batch --yes --passphrase-fd 0 -r myemail@mycompany.com /us=
r/local/BatchMail/mailbox/TestFileMsg < /usr/local/BatchMail/passphrase