GNUPG 1.0.6 --passphrase-fd

Werner Koch wk@gnupg.org
Wed Jan 8 13:34:02 2003


On Tue, 7 Jan 2003 11:41:40 -0500, Gilvar, Jon said:

> gnupg file. I am getting hung up on the --passphrase-fd (n) command; the
> documentation for this command is somewhat lacking, I have found some
> external references on what (n) is used for; none of which work correctly.

Programmers usually know what a file descriptor is; it is one of the
essential concepts of Unix.

echo "my passphrase" | gpg --passphrase-fd 0

The pipe symbol (|) connects the file descriptor 0 of gpg (aka stdin)
with the output file descriptor of echo (aka stdout).  --passphrase-fd
0 tells gpg to expect the passphrase on file descriptor 0.

> gpg: DBG: fd_cache_close (/XXXX/bin/keys_lib//pubring.gpg) new
> Reading passphrase from file descriptor 3 ...gpg: out of secure memory while
> allocating 1800 bytes
> gpg: (this may be caused by too many secret keys used simultaneously or due
> to excessive large key sizes)

No, because the passphrase is getting too large (the stuff you sent to stdin).

> I can get the process to work if I create a key with no Passphrase, but
> doesn't that negate the PGP process or is the Passphrase only part of the PGP

The passphrase is only used to protect the secret key stored on your
hard disk, so that if someone gets unauthorized access to your
account, he can't use the secret key instantly (has to guess your
passphrase first or install a trojan to snoop for it, the next time
you use the system).

So for an unattended application it does not make much sense to have a
passphrase at all.  The FAQ (see www.gnupg.org) also has some hints on
it.


Salam-Shalom,

   Werner
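The descriptor wiring Werner describes above, as an added shell example that is not part of the original post or of GnuPG itself. The function read_passphrase_from_fd, the demo_* functions and the sample passphrase and data lines are all constructed here; the reader function stands in for gpg so the block runs without gpg installed, and it mirrors what --passphrase-fd does: take the first line from the numbered descriptor and nothing else. The third case shows the layout an unattended run normally uses, data on stdin and the passphrase on fd 3, so the two streams cannot be confused.

```shell
#!/bin/sh
# Added example (not from Werner's post or from GnuPG): how a shell wires a
# passphrase to a numbered file descriptor, which is what "gpg --passphrase-fd N"
# reads from.  read_passphrase_from_fd stands in for gpg's own reader so the
# block runs without gpg; the passphrase and data lines are constructed values.

# Take exactly one line from file descriptor $1 and print it.  gpg behaves the
# same way with --passphrase-fd N: it reads the first line only, so a trailing
# newline in the passphrase source is harmless.
read_passphrase_from_fd() {
    fd="$1"
    IFS= read -r line <&"$fd" || return 1
    printf '%s\n' "$line"
}

# Case 1: passphrase on stdin (fd 0), the "echo ... | gpg --passphrase-fd 0"
# form.  Only the first line counts; anything after it is not the passphrase.
demo_stdin() {
    printf 'my passphrase\nnot part of the passphrase\n' | read_passphrase_from_fd 0
}

# Case 2: passphrase on fd 3, opened here from a here-document.  With a real
# file this is "gpg --passphrase-fd 3 3< passfile".  Passing the passphrase on
# a descriptor keeps it off the command line, so it never shows in "ps" output.
demo_fd3() {
    read_passphrase_from_fd 3 3<<'EOF'
my passphrase
EOF
}

# Case 3: data on stdin and passphrase on fd 3 at the same time, the usual
# shape of an unattended "gpg --batch --passphrase-fd 3 --decrypt" run.  The
# group reads the passphrase from fd 3, then counts the data lines still
# waiting on stdin, and prints "<passphrase>|<line count>" to show that the
# two streams never mix.
demo_both() {
    printf 'line1\nline2\nline3\n' | {
        pass=$(read_passphrase_from_fd 3)
        count=$(wc -l | tr -d ' ')
        printf '%s|%s\n' "$pass" "$count"
    } 3<<'EOF'
my passphrase
EOF
}

# Run all three cases when the script is executed directly.
demo_stdin
demo_fd3
demo_both
```

The same three-line-per-case layout applies to a real gpg invocation: replace read_passphrase_from_fd with gpg and keep the `3<<'EOF'` or `3< passfile` redirection, and make sure the file holding the passphrase is readable only by the account running the job.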