GPG Passphrase on the command line
Johan Wevers
johanw at vulcan.xs4all.nl
Sun Sep 25 00:43:44 CEST 2005
Low, Claudia wrote:
> Is there an option, eg. --passphrase, that I can use so that I can
>pass the passphrase in the command line when doing a signing, symmetric
>encryption or decryption? Without this option, I will be prompted on the
>console.
No, you'll have to pipe it through a file descriptor with --passphrase-fd.
But with the echo command it can be done on a commandline too on fd 0:
echo password | gpg --passphrase-fd 0 --decrypt / --encrypt.
For some reasons I don't completely understand the GnuPG developers feel
this is less insecure than a normal commandline (you're certainly not the
first to ask this...).
> In my program, I can only use command line to execute the commands. I
>am not able to pass in the passphrase from a file (using file
>descriptor).
Piping doesn't necessarily require a file. I don't know what language your
application is in, but for C or C++, see pipe(), dup2() and fork().
--
ir. J.C.A. Wevers // Physics and science fiction site:
johanw at vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
More information about the Gnupg-users
mailing list