Newbie question - how to include the pass phrase in the command

Steve Butler sbutler@fchn.com
Thu Jun 5 16:51:02 2003


There are two ways to do this.  Both work for Windows or Unix.  But since
I'm on Unix I'll show the Unix flavor and point out what I've heard about
doing it on Windows.

1.  First, the easiest way.  Remove the pass phrase.  Well, since the pass
phrase is going to be on the box anyway and somebody is likely to see it
(especially when rooting around in the file system) why not make it easier
on yourself.  No pass phrase is the #1 recommended solution for those who need
some sort of automated interface.

2.  Then, for folks like me <<grin>>, who must have that false sense
of at least trying to raise a roadblock, do some simple code encryption that
a mildly interested hacker could decode in two heartbeats but would stop the
casual observer.  (1's complement, zip compression, hex dump, etc., or some
combo of two or more) then feed it via the following mechanism:


   my_decrypt < my_pass_file | gpg --homedir "$homedir" --passphrase-fd 0 \
        --output "$3" --decrypt "$2"


Now, I've heard piping in the above manner doesn't work on Windows and that
the passphrase-fd isn't a number but some DOS type file handle.  But, if you
were doing this on Unix (or Linux) that's the command line you'd use.
Perhaps the Windows experts can clue you in on how the FD is formatted and
handled in the Windows world.

--Steve Butler
Oracle Administrator
First Choice Health Network
Seattle
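
The fd 0 mechanism in the reply above, extended to several files with one stored passphrase, as an added example that is not part of the original message. The names GPG, pass_file_ok and decrypt_all are assumptions made for illustration, and the passphrase file is protected by owner-only permissions rather than by an obfuscation step.

```shell
#!/bin/sh
# Added example: decrypt several files, feeding the passphrase on fd 0 each time.
# GPG, pass_file_ok and decrypt_all are illustrative names, not from the post.
GPG=${GPG:-gpg}

# Succeed only for a regular file we own with no group/other permission bits.
pass_file_ok() {
    [ -f "$1" ] && [ -O "$1" ] || return 1
    case $(ls -ld "$1") in
        -???------*) return 0 ;;   # e.g. -rw------- ; symlinks are refused
    esac
    return 1
}

# usage: decrypt_all HOMEDIR PASS_FILE FILE.gpg [FILE.gpg ...]
# Returns 2 if the passphrase file is not private, 1 if any decrypt failed.
decrypt_all() {
    homedir=$1
    pass_file=$2
    shift 2
    if ! pass_file_ok "$pass_file"; then
        echo "refusing $pass_file: must be owner-only (chmod 600)" >&2
        return 2
    fi
    rc=0
    for enc in "$@"; do
        out=${enc%.gpg}
        [ "$out" != "$enc" ] || out=$enc.out
        # The passphrase arrives on stdin (fd 0), never in argv, so it is
        # not visible in the process list while gpg runs.
        # GnuPG 2.1 and later also need: --pinentry-mode loopback
        "$GPG" --homedir "$homedir" --batch --passphrase-fd 0 \
            --output "$out" --decrypt "$enc" < "$pass_file" || rc=1
    done
    return $rc
}

# Run as a script: ./decrypt_all.sh HOMEDIR PASS_FILE FILE.gpg ...
if [ "$#" -ge 3 ]; then
    decrypt_all "$@"
fi
```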

-----Original Message-----
From: Ping Kam [mailto:pkam@quikcard.com]
Sent: Wednesday, June 04, 2003 10:12 PM
To: gnupg-users@gnupg.org
Subject: Re: Newbie question - how to include the passphrase in the
command


----- Original Message -----
From: "Wolfgang Bornath" <wbo@mandrakesoft.com>
To: <gnupg-users@gnupg.org>
Sent: Wednesday, June 04, 2003 6:14 PM
Subject: Re: Newbie question - how to include the passphrase in the command


> Are you sure you want to do that? The pass phrase is one of the 2 most
> secret things you have in the whole encryption system. I would not even
> save that into a file on my Linux box, not to think of a Windows box.
I am not hard coding them into the cmd file.  They will be parameters in the
cmd file.

I am creating a Windows GUI interface in which the operator enters the userid
and password to logon, chooses the files, and the program then uses ShellExecute
to execute the command file and pass the parameters.

The user may choose more than one file.  I don't want the user to re-enter
the passphrase again for every file.  Does this make sense?

> The passphrase is something you have in your biological memory or -if
> that has occasional breakdowns (like mine) - you save it somewhere on
> a floppy in your locker.

> Sorry, I can't answer your question.
Can you answer now?

Ping Kam

