Newbie question - how to include the pass phrase in the command

Steve Butler sbutler@fchn.com
Thu Jun 5 20:12:01 2003


I have never tried without a pass phrase.  However, you can remove the pass
phrase, test it, add the pass phrase back, or even change the pass phrase to
something else.

I'll have to point you to the documentation and then let you experiment from
there.

Use the --edit option on the command line.  You will then be able to change
various things about the key.  One of those is the 'passwd' command.

gpg --edit kg7je
Secret key is available.

pub  1024D/038581D8  created: 2002-03-07 expires: never      trust: u/u
sub  2048g/A2A2E9F8  created: 2002-03-07 expires: never     
(1). Steve Butler <kg7je@attbi.com>
(2)  Stephen M Butler <kg7je@arrl.net>

Command> passwd
Key is protected.

You need a passphrase to unlock the secret key for
user: "Steve Butler <kg7je@attbi.com>"
1024-bit DSA key, ID 038581D8, created 2002-03-07

Enter passphrase: <<pass phrase>>
Enter the new passphrase for this secret key.

Enter passphrase:<<hit return here>>
Repeat passphrase:<<hit return here>>
You don't want a passphrase - this is probably a *bad* idea!

Do you really want to do this?Y
Command> save


And that will remove your pass phrase.  Similar steps will add it back on
again.

Yes, I reset mine.  <<grin>>

--Steve


-----Original Message-----
From: Ping Kam [mailto:pkam@quikcard.com]
Sent: Thursday, June 05, 2003 8:52 AM
To: gnupg-users@gnupg.org
Subject: Re: Newbie question - how to include the pass phrase in the
command


----- Original Message -----
From: "Steve Butler" <sbutler@fchn.com>
To: "'Ping Kam'" <pkam@quikcard.com>; <gnupg-users@gnupg.org>
Sent: Thursday, June 05, 2003 8:50 AM
Subject: RE: Newbie question - how to include the pass phrase in the command


> There are two ways to do this.  Both work for Windows or Unix.  But since
> I'm on Unix I'll show the Unix flavor and point out what I've heard about
> doing it on Windows.
>
Thanks.

> 1.  First, the easiest way.  Remove the pass phrase.  Well, since the pass
> phrase is going to be on the box anyway and somebody is likely to see it
> (especially when rooting around in the file system) why not make it easier
> on yourself.  No pass phrase is the #1 recommended solution for those who
> need some sort of automated interface.
>
I have two questions though.
First, how to remove the pass phrase?
Can I still sign the encryption?  I don't want to remove the pass phrase and
then find out that I can't sign the file without the pass phrase and now I
can't restore the pass phrase.

> 2.  Then, for folks like me <<grin>>, who must have to have that false
> sense of at least trying to raise a roadblock, do some simple code
> encryption that a mildly interested hacker could decode in two heartbeats
> but would stop the casual observer.  (1's complement, zip compression, hex
> dump, etc, or some combo of two or more) then feed it via the following
> mechanism:
>
>
>    my_decrypt < my_pass_file | gpg --homedir $homedir --passphrase-fd 0 \
>         --output "$3" --decrypt "$2"
>
>
> Now, I've heard piping in the above manner doesn't work on Windows and
> that the passphrase-fd isn't a number but some DOS type file handle.  But,
> if you were doing this on Unix (or Linux) that's the command line you'd
> use.  Perhaps the Windows experts can clue you in on how the FD is
> formatted and handled in the Windows world.
>
I have got a script sample from a friend like this for windows

echo %1|gpg  --encrypt --output %2.asc --armour --recipient our_own_userid --encrypt-to the_recipient_userid --passphrase-fd 0 %2

Then I can execute the cmd file like this
MyCmdFile MyPassphrase SourceFileName

What I find out is that it will encrypt the file even without the pass phrase.
What I mean is the following will work
  echo |gpg  --encrypt --output %2.asc --armour --recipient our_own_userid --encrypt-to the_recipient_userid --passphrase-fd 0 %2
then execute the cmd file without the passphrase parameter

But if I add the --sign option, in both cases, then GPG will prompt me to
enter the passphrase.  If I execute the cmd file from a Windows app, then
no file will be created.  Since GPG just runs in the background, the user
can't see the command window to complete the encryption, and the process
will not terminate.  I can see one more instance added to the task manager
every time I execute the cmd from a Windows app.

So how can I sign a file using the command line without any interaction with
GPG?

I hope I make it clear.

Thanks,
Ping Kam
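
The closing question above asks for signing with no interaction. As an added example (not from either poster and not GnuPG project code), this shell function makes a detached signature with the passphrase fed on stdin through `--passphrase-fd 0`, as in the Unix command quoted in the thread, plus `--batch` so gpg exits with an error rather than prompting. `sign_batch`, `SIGN_GPG_OPTS` and the file arguments are hypothetical names, and the case is narrowed to detached signing.

```shell
#!/bin/sh
# Added example, not from the thread. sign_batch and SIGN_GPG_OPTS are
# hypothetical names. The passphrase file is plaintext on disk: it is only
# as safe as the account and file permissions that guard it.

# sign_batch PASSFILE KEYID INFILE OUTFILE
# Writes an ASCII-armored detached signature of INFILE to OUTFILE.
sign_batch() {
    passfile=$1 keyid=$2 infile=$3 outfile=$4

    if [ ! -f "$passfile" ] || [ ! -r "$passfile" ]; then
        echo "sign_batch: cannot read passphrase file $passfile" >&2
        return 2
    fi

    # Columns 5-10 of the ls mode string are the group and other bits;
    # refuse the file unless all six are clear (mode 600 or stricter).
    perms=$(ls -ld -- "$passfile" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "sign_batch: $passfile is accessible to group/other" >&2
        return 3
    fi

    # --batch: never prompt; gpg exits with an error instead of waiting on
    #   a console nobody can see.
    # --passphrase-fd 0: take the passphrase from stdin (the redirect below)
    #   so it never appears in argv or the process list.
    # GnuPG 2.1+ also needs SIGN_GPG_OPTS="--pinentry-mode loopback";
    #   leave it unset on GnuPG 1.x.
    # shellcheck disable=SC2086  # word splitting of the options is intended
    gpg --batch --yes --passphrase-fd 0 ${SIGN_GPG_OPTS:-} \
        --local-user "$keyid" --armor \
        --output "$outfile" --detach-sign "$infile" < "$passfile"
}

# Run as a script: sign.sh PASSFILE KEYID INFILE OUTFILE
if [ "$#" -eq 4 ]; then
    sign_batch "$@"
fi
```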

