Re: --command-fd

Joerg Toellner
Mon May 27 10:31:02 2002

Dear Rasoul,

Do the following (only a code snippet) in Perl.

--------------------SNIPPET ON-----------------------
my $passphrase = "mylittlesecret";
my $returncode;

open(PASSOUT, "| /usr/bin/gpg --batch --homedir
/usr/lsd/apache-ssl/htdocs/secureDB/PGP/.gnupg --passphrase-fd 0 --edit-key

print PASSOUT $passphrase;

$returncode = close (PASSOUT);
--------------------SNIPPET OFF-----------------------

(Beware of the linebreak! The open line is ALL on one line! AND NOTICE
 the | (Pipe) character in the open command)

What does it do?
It opens the gpg command with the perl-open-command and connects the stdin
from gpg (fd 0) used as the passphrase-input-pipe with the PERL Filehandle
PASSOUT. When gpg comes to the point that it needs the passphrase it expects
it on its stdin. You use the perl-print-command to fill the PASSOUT
(connected to the stdin from gpg) and so transfer your passphrase to gpg in
the right place where gpg expects it. GPG receives your passphrase and goes
on with its job. After the action, don't forget to close the

That's all. Works fine for me. Hope it helps.

Joerg Toellner

> -----Original Message-----
> From: [] On
> Behalf Of Rasoul Hajikhani
> Sent: Saturday, 25 May 2002 02:42
> To:
> Subject: --command-fd
> Hi folks,
> I am trying to my passphrase by running a perl program to this for me.
> The docs mentions that:
> --passphrase-fd n
>                  Read the passphrase from file descriptor  n.  If
>                  you  use  0  for  n, the passphrase will be read
>                  from stdin.     This can only be  used  if  only
>                  one  passphrase  is  supplied.   Don't  use this
>                  option if you can avoid it.
> --command-fd n
>                  This is a replacement for the deprecated shared-
>                  memory  IPC  mode.   If  this option is enabled,
>                  user input on questions is not expected from the
>                  TTY  but  from  the  given  file descriptor.  It
>                  should be used together  with  --status-fd.  See
>                  the  file doc/DETAILS in the source distribution
>                  for details on how to use it.
> So here is the command that my script is trying to execute:
> gpg --homedir /usr/lsd/apache-ssl/htdocs/secureDB/PGP/.gnupg
> --command-fd 0 --edit-key 1193 passwd
> But gpg hangs in the middle of its work. Here is the output:
> Secret key is available.
> pub  1024D/8B7A4655  created: 2002-05-03 expires: never      trust: -/u
> sub  1024g/A935EF26  created: 2002-05-03 expires: never
> (1). Rasoul Hajikhani (None) <>
> Key is protected.
> You need a passphrase to unlock the secret key for
> user: "Rasoul Hajikhani (None) <>"
> 1024-bit DSA key, ID 8B7A4655, created 2002-05-03
> After the last line, the program hangs. I could not find any info on
> --status-fd in the docs/DETAILS file. Can someone shed some light on
> this for me...
> Thanks in advance.
> -r
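
The `--command-fd` / `--status-fd` dialog asked about in the quoted question, as an added example that is not code from either poster: gpg announces each question on the status descriptor and waits for the answer on the command descriptor, so a driver has to read the first and reply on the second. Assumptions: GnuPG 1.x behaviour, the prompt ids `passphrase.enter` and `keyedit.prompt` (confirm them in your version's status output), the key ID given as the script's argument, and the old and new passphrase supplied as two lines on the script's stdin so they appear neither in the source nor on a command line.

```perl
#!/usr/bin/perl
# Added example, not from the thread. Prompt ids below are assumed (GnuPG 1.x).
use strict;
use warnings;
use IPC::Open2;

# Map one --status-fd line to the reply gpg is waiting for on --command-fd.
# Returns undef for non-prompt lines; dies on a prompt we hold no answer for,
# because guessing could hand a secret to the wrong question.
sub reply_for {
    my ($line, $answers) = @_;
    die "gpg rejected the passphrase\n"
        if $line =~ /^\[GNUPG:\] BAD_PASSPHRASE\b/;
    return unless $line =~ /^\[GNUPG:\] GET_(?:HIDDEN|LINE|BOOL) (\S+)/;
    my $queue = $answers->{$1};
    die "unexpected prompt '$1'\n" unless $queue && @$queue;
    return shift @$queue;
}

# Start gpg in list form (no shell parses the arguments) and answer prompts.
sub drive_gpg {
    my ($answers, @cmd) = @_;
    my $pid = open2(my $from_gpg, my $to_gpg, @cmd);  # write side autoflushes
    while (my $line = <$from_gpg>) {
        my $reply = reply_for($line, $answers);
        print {$to_gpg} "$reply\n" if defined $reply;
    }
    close $to_gpg;
    waitpid($pid, 0);
    return $? >> 8;                                   # gpg's exit status
}

unless (caller) {
    my $key = shift @ARGV
        or die "usage: $0 KEYID < file-with-old-and-new-passphrase\n";
    chomp(my $old = <STDIN> // '');
    chomp(my $new = <STDIN> // '');
    my %answers = (
        'passphrase.enter' => [$old, $new],  # assumed id: old, then new
        'keyedit.prompt'   => ['save'],      # assumed id: prompt after passwd
    );
    exit drive_gpg(\%answers, 'gpg', '--no-tty', '--status-fd', '1',
                   '--command-fd', '0', '--edit-key', $key, 'passwd');
}
```

Without something answering the `GET_HIDDEN` request, gpg blocks on the command descriptor, which matches the hang after the "You need a passphrase" lines in the quoted output.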