Newbie question - how to include the pass phrase in the command

Steve Butler
Thu Jun 5 20:12:01 2003

I have never tried without a pass phrase.  However, you can remove the pass
phrase, test it, add the pass phrase back, or even change the pass phrase to
something else.

I'll have to point you to the documentation and then let you experiment from

Use the --edit option on the command line.  You will then be able to change
various things about the key.  One of those is the 'passwd' command.

gpg --edit kg7je
Secret key is available.

pub  1024D/038581D8  created: 2002-03-07 expires: never      trust: u/u
sub  2048g/A2A2E9F8  created: 2002-03-07 expires: never     
(1). Steve Butler <>
(2)  Stephen M Butler <>

Command> passwd
Key is protected.

You need a passphrase to unlock the secret key for
user: "Steve Butler <>"
1024-bit DSA key, ID 038581D8, created 2002-03-07

Enter passphrase: <<pass phrase>>
Enter the new passphrase for this secret key.

Enter passphrase:<<hit return here>>
Repeat passphrase:<<hit return here>>
You don't want a passphrase - this is probably a *bad* idea!

Do you really want to do this?Y
Command> save

And that will remove your pass phrase.  Similar steps will add it back on

Yes, I reset mine.  <<grin>>


-----Original Message-----
From: Ping Kam []
Sent: Thursday, June 05, 2003 8:52 AM
Subject: Re: Newbie question - how to include the pass phrase in the

----- Original Message -----
From: "Steve Butler" <>
To: "'Ping Kam'" <>; <>
Sent: Thursday, June 05, 2003 8:50 AM
Subject: RE: Newbie question - how to include the pass phrase in the command

> There are two ways to do this.  Both work for Windows or Unix.  But since
> I'm on Unix I'll show the Unix flavor and point out what I've heard about
> doing it on Windows.

> 1.  First, the easiest way.  Remove the pass phrase.  Well, since the pass
> phrase is going to be on the box anyway and somebody is likely to see it
> (especially when rooting around in the file system) why not make it easier
> on yourself.  No pass phrase is the #1 recommend solution for those who
> some sort of automated interface.
I have two question though.
First, how to remove the pass phrase?
Can I still sign the encyption?  I don't want to remove the pass phrase and
then find out that I can't sign the file without the pass phrase and now I
can't restore the pass phrase.

> 2.  Then, for folks like me <<grin>>, who must have to have that false
> of at least trying to raise a roadblock, do some simple code encryption
> a mildly interested hacker could decode in two heartbeats but would stop
> casual observer.  (1's compliment, zip compression, hex dump, etc, or some
> combo of two or more) then feed it via the following mechanism:
>    my_decrypt < my_pass_file | gpg --homedir $homedir --passphrase-fd 0 \
>         --output "$3" --decrypt "$2"
> Now, I've heard piping in the above manner doesn't work on Windows and
> the passphrase-fd isn't a number but some DOS type file handle.  But, if
> were doing this on Unix (or Linux) that's the command line you'd use.
> Perhaps the Windows experts can clue you in on how the FD is formatted and
> handled in the Windows world.
I have got a script sample from a friend like this for windows

echo %1|gpg  --encrypt --output %2.asc --armour --recipient
our_own_userid --encrypt-to the_recipient_userid --passphrase-fd 0 %2

Then I can execute the cmd file like this
MyCmdFile MyPassphrase SourceFileName

What I find out that it will encrypt the file even without the pass phrase.
What I mean is the following will work
  echo |gpg  --encrypt --output %2.asc --armour --recipient
our_own_userid --encrypt-to the_recipient_userid --passphrase-fd 0 %2
then execute the cmd file without the passphrase parameter

But if I add the --sign option, in both case, then GPG will prompt me to
enter the passphrase.  If I call execute cmd file from a window apps, then
no file will be created.  Since GPG just run in the background, the user
can't see the command window to complete the encryption, and the process
will not terminated.  I can see one more instance added to the task manager
everytime I execute the cmd from a window app.

So how can I sign a file using the command line without any interaction with

I hope I make it clear.

Ping Kam

Gnupg-users mailing list

CONFIDENTIALITY NOTICE:  This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information.  Any unauthorized review, use, disclosure or distribution is prohibited.  If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.