Newbie question - how to include the pass phrase in the command
Johan Wevers
johanw@vulcan.xs4all.nl
Fri Jun 6 13:00:02 2003
Ping Kam wrote:
> But I am quite confused. I always thought that it will require the userid
> and password pair to encrypt and decrypt files. It seems like GPG only
> needs the userids.
If the secret key is not encrypted, you only need the userID. The password,
that is used to decrypt the secret key, is not needed when the key is not
encrypted.
> So any one knows how to use GPG, knows your userid and the recipient's
> userid, and have access to your computer can encrypt and decrypt on your
> computer.
If your key is not encrypted, yes. That's why I think unencrypted keys is
a bad idea anyway, and I also think the decision of not having passwords
passed on the command line is a bad idea. Not that I don't agree that
passing it via a file descriptor is safer, but it's more difficult so more
people will remove the passphrase completely in an automated environment.
And with the comming of virusses/trojans that can copy secret keys out of
the machine, a key with a password in a non-standard place (like a script
or an input file for the fd) is safer than a key without a passphrase.
--
ir. J.C.A. Wevers // Physics and science fiction site:
johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html