GPG Passphrase on the command line

Johan Wevers johanw at vulcan.xs4all.nl
Sun Sep 25 00:43:44 CEST 2005


Low, Claudia wrote:

>  Is there an option, eg. --passphrase, that I can use so that I can
>pass the passphrase in the command line when doing a signing, symmetric
>encryption or decryption? Without this option, I will be prompted on the
>console.

No, you'll have to pipe it through a file descriptor with --passphrase-fd.
But with the echo command it can be done on a commandline too on fd 0:
echo password | gpg --passphrase-fd 0 --decrypt / --encrypt.

For some reason I don't completely understand, the GnuPG developers feel
this is less insecure than a normal command line (you're certainly not the
first to ask this...).

>  In my program, I can only use command line to execute the commands. I
>am not able to pass in the passphrase from a file (using file
>descriptor).
 
Piping doesn't necessarily require a file. I don't know what language your
application is in, but for C or C++, see pipe(), dup2() and fork().

-- 
ir. J.C.A. Wevers         //  Physics and science fiction site:
johanw at vulcan.xs4all.nl   //  http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
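
The pipe(), fork() and dup2() approach suggested in the reply, as an added example that is not part of the original message: the parent writes the passphrase into a pipe that becomes the child's fd 0, matching --passphrase-fd 0. The function name, file name and passphrase are constructed placeholders.

```c
#include <signal.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Start argv[0] with the passphrase readable on its fd 0, so the secret is
 * never in argv (which `ps` and /proc/<pid>/cmdline expose to other users).
 * Returns the child's exit status, or -1 on error. Hypothetical helper. */
int run_with_passphrase_fd0(char *const argv[], const char *passphrase)
{
    int fds[2];
    if (pipe(fds) == -1)
        return -1;
    pid_t pid = fork();
    if (pid == -1) {
        close(fds[0]); close(fds[1]);
        return -1;
    }
    if (pid == 0) {                        /* child */
        close(fds[1]);                     /* it only reads */
        if (fds[0] != STDIN_FILENO) {      /* make the pipe its fd 0 */
            if (dup2(fds[0], STDIN_FILENO) == -1)
                _exit(127);
            close(fds[0]);
        }
        execvp(argv[0], argv);
        _exit(127);                        /* exec failed */
    }
    close(fds[0]);                         /* parent only writes */
    signal(SIGPIPE, SIG_IGN);              /* child may exit without reading */
    size_t len = strlen(passphrase);
    int ok = write(fds[1], passphrase, len) == (ssize_t)len
          && write(fds[1], "\n", 1) == 1;
    close(fds[1]);                         /* EOF after the passphrase line */
    int status;
    if (waitpid(pid, &status, 0) == -1 || !WIFEXITED(status))
        return -1;
    /* A failed write only matters if the child still claimed success. */
    return (ok || WEXITSTATUS(status)) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed sample values. GnuPG 2.1 and later also need
     * --batch and --pinentry-mode loopback for --passphrase-fd. */
    char *const argv[] = { "gpg", "--passphrase-fd", "0", "--decrypt", "msg.gpg", NULL };
    return run_with_passphrase_fd0(argv, "example-passphrase");
}
```

Because fd 0 carries the passphrase here, the data to process has to be named as a file argument rather than piped on stdin.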


