newbie : passphrase as an env. variable or command-line option ?

Gareth Woodhouse gareth.woodhouse@pinnacle.co.uk
Wed Jan 15 15:14:02 2003



What you can do is use the gpg-agent programs WINGPGA.exe and killagent.exe
with the -use-agent (something like that).
WINGPGA.exe starts a background agent that holds the pass phrase after
entering it one time and holds it in memory, automatically entering it for
any further decryptions. The killagent.exe kills the background agent,
clearing the memory and eliminating the threat of the pass phrase being
stolen.

This was the only way I managed to limit user interaction in a Windows
environment whilst keeping my key and data secure.

Gareth Woodhouse.

-----Original Message-----
From: Adrian 'Dagurashibanipal' von Bidder [mailto:avbidder@fortytwo.ch]
Sent: 15 January 2003 11:19
To: Gnupg-users@gnupg.org
Subject: Re: newbie : passphrase as an env. variable or command-line
option ?


[ please don't steal threads - i.e. reply to a message to start a new
topic ]

On Tue, 2003-01-14 at 12:49, Anton Bruckner wrote:
> Hello,
> 
> Is there a possibility of giving the passphrase in the command line or as an
> environment variable so as to have no further interaction with gpg, or
> should one use the library instead ?

Both, command line and environment, are not secure. gpg has various
--*-fd arguments to remote-control it, including a --passphrase-fd.

cheers
-- vbi

-- 
get my gpg key here: http://fortytwo.ch/gpg/92082481
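
Added example, not part of the original thread: a comparison of the three ways of handing over a passphrase discussed above, showing which of them leave it readable in the child's `/proc` entry. Assumptions: Linux with `/proc` mounted, a Python stand-in child instead of gpg itself, a constructed passphrase, and a hypothetical variable name `DEMO_PASSPHRASE`.

```python
import os
import subprocess
import sys

SECRET = "constructed-demo-passphrase"  # constructed sample value
ENV_NAME = "DEMO_PASSPHRASE"            # hypothetical variable name, not read by gpg

# Stand-in for gpg (assumption: this is not gpg itself). It accepts the
# passphrase by argv, environment or --passphrase-fd, prints its length,
# then blocks on stdin so the parent can inspect it while it is running.
CHILD = r'''
import os, sys
a = sys.argv[1:]
if "--passphrase-fd" in a:
    got = os.read(int(a[a.index("--passphrase-fd") + 1]), 4096).decode().rstrip("\n")
elif "--passphrase" in a:
    got = a[a.index("--passphrase") + 1]
else:
    got = os.environ.get("DEMO_PASSPHRASE", "")
print(len(got), flush=True)
sys.stdin.read()
'''

def run(method):
    """Start the stand-in with the passphrase passed by `method`; report where it is visible."""
    argv, env, fds = [sys.executable, "-c", CHILD], dict(os.environ), ()
    if method == "argv":
        argv += ["--passphrase", SECRET]
    elif method == "env":
        env[ENV_NAME] = SECRET
    else:  # "fd": the secret travels through a pipe only
        r, w = os.pipe()
        argv += ["--passphrase-fd", str(r)]
        fds = (r,)
    p = subprocess.Popen(argv, env=env, pass_fds=fds,
                         stdin=subprocess.PIPE, stdout=subprocess.PIPE)
    if method == "fd":
        os.close(r)                      # parent keeps only the write end
        os.write(w, SECRET.encode() + b"\n")
        os.close(w)
    delivered = int(p.stdout.readline()) == len(SECRET)
    # What any process allowed to read this /proc entry sees (Linux only).
    with open(f"/proc/{p.pid}/cmdline", "rb") as f:
        cmdline = f.read()
    with open(f"/proc/{p.pid}/environ", "rb") as f:
        environ = f.read()
    p.communicate()                      # closes stdin, so the child exits
    needle = SECRET.encode()
    return {"in_cmdline": needle in cmdline, "in_environ": needle in environ,
            "delivered": delivered}

if __name__ == "__main__":
    for m in ("argv", "env", "fd"):
        print(m, run(m))
```

In all three cases the child receives the passphrase; only the descriptor variant keeps it out of both the argument vector and the environment block.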

