Newbie question - how to include the pass phrase in the command

Ping Kam
Thu Jun 5 17:48:01 2003

----- Original Message -----
From: "Steve Butler" <>
To: "'Ping Kam'" <>; <>
Sent: Thursday, June 05, 2003 8:50 AM
Subject: RE: Newbie question - how to include the pass phrase in the command

> There are two ways to do this.  Both work for Windows or Unix.  But since
> I'm on Unix I'll show the Unix flavor and point out what I've heard about
> doing it on Windows.

> 1.  First, the easiest way.  Remove the pass phrase.  Well, since the pass
> phrase is going to be on the box anyway and somebody is likely to see it
> (especially when rooting around in the file system) why not make it easier
> on yourself.  No pass phrase is the #1 recommend solution for those who
> some sort of automated interface.
I have two question though.
First, how to remove the pass phrase?
Can I still sign the encyption?  I don't want to remove the pass phrase and
then find out that I can't sign the file without the pass phrase and now I
can't restore the pass phrase.

> 2.  Then, for folks like me <<grin>>, who must have to have that false
> of at least trying to raise a roadblock, do some simple code encryption
> a mildly interested hacker could decode in two heartbeats but would stop
> casual observer.  (1's compliment, zip compression, hex dump, etc, or some
> combo of two or more) then feed it via the following mechanism:
>    my_decrypt < my_pass_file | gpg --homedir $homedir --passphrase-fd 0 \
>         --output "$3" --decrypt "$2"
> Now, I've heard piping in the above manner doesn't work on Windows and
> the passphrase-fd isn't a number but some DOS type file handle.  But, if
> were doing this on Unix (or Linux) that's the command line you'd use.
> Perhaps the Windows experts can clue you in on how the FD is formatted and
> handled in the Windows world.
I have got a script sample from a friend like this for windows

echo %1|gpg  --encrypt --output %2.asc --armour --recipient
our_own_userid --encrypt-to the_recipient_userid --passphrase-fd 0 %2

Then I can execute the cmd file like this
MyCmdFile MyPassphrase SourceFileName

What I find out that it will encrypt the file even without the pass phrase.
What I mean is the following will work
  echo |gpg  --encrypt --output %2.asc --armour --recipient
our_own_userid --encrypt-to the_recipient_userid --passphrase-fd 0 %2
then execute the cmd file without the passphrase parameter

But if I add the --sign option, in both case, then GPG will prompt me to
enter the passphrase.  If I call execute cmd file from a window apps, then
no file will be created.  Since GPG just run in the background, the user
can't see the command window to complete the encryption, and the process
will not terminated.  I can see one more instance added to the task manager
everytime I execute the cmd from a window app.

So how can I sign a file using the command line without any interaction with

I hope I make it clear.

Ping Kam