GPG Passphrase on the command line

Samuel Åslund samuel at Update.UU.SE
Sun Sep 25 19:34:59 CEST 2005

On Sun, Sep 25, 2005 at 12:43:44AM +0200, Johan Wevers wrote:
> No, you'll have to pipe it through a file descriptor with --passphrase-fd.
> But with the echo command it can be done on a commandline too on fd 0:
> echo password | gpg --passphrase-fd 0 --decrypt / --encrypt.
> For some reason I don't completely understand, the GnuPG developers feel
> this is less insecure than a normal commandline (you're certainly not the
> first to ask this...).

I would guess the reasoning is something like, "when you know enough to
be able to do it you know why _not_ to do it", a conscious decision that
this breach of security does not hurt is a lot less dangerous than
breaking security without knowing.

Just some thoughts.
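
An added illustration, not part of either post and not GnuPG code, of the difference the thread is discussing: a passphrase passed as a command-line argument shows up in the process's argv under /proc, while one written to the child's fd 0 does not. It assumes Linux with a default /proc mount; the child is a hypothetical stand-in for gpg, and its `--passphrase` / `--passphrase-fd` arguments are inert labels here.

```python
import subprocess
import sys

SECRET = "constructed-demo-passphrase"  # constructed sample value, not a real secret

# Hypothetical stand-in for gpg: reads one line (the passphrase) from fd 0 and
# prints its length. Blocking on stdin keeps it alive while argv is inspected.
CHILD = "import sys; print(len(sys.stdin.readline().rstrip('\\n')))"


def visible_argv(pid):
    """Return the argv exposed in /proc/<pid>/cmdline (Linux only).

    Other local users can read this file unless /proc is mounted with hidepid.
    """
    with open(f"/proc/{pid}/cmdline", "rb") as fh:
        return [a.decode() for a in fh.read().split(b"\0") if a]


def run_case(extra_argv, stdin_text):
    """Start the child, snapshot its argv, then feed it stdin_text over a pipe."""
    proc = subprocess.Popen(
        [sys.executable, "-c", CHILD, *extra_argv],
        stdin=subprocess.PIPE, stdout=subprocess.PIPE, text=True,
    )
    argv = visible_argv(proc.pid)          # what a process listing would show
    out, _ = proc.communicate(stdin_text)  # data on the pipe never enters argv
    return argv, out.strip()


def leaked(argv):
    """True if the secret appears in any command-line argument."""
    return any(SECRET in arg for arg in argv)


def demo():
    # Case 1: passphrase given as a command-line argument.
    on_cmdline, _ = run_case(["--passphrase", SECRET], "\n")
    # Case 2: passphrase written to the child's fd 0, as with --passphrase-fd 0.
    on_fd, length = run_case(["--passphrase-fd", "0"], SECRET + "\n")
    return leaked(on_cmdline), leaked(on_fd), int(length)


if __name__ == "__main__":
    print(demo())
```

The second case only keeps the passphrase out of the child's argv; whatever process writes it to the pipe must not carry it in its own argv either.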

