GPG Passphrase on the command line
johanw at vulcan.xs4all.nl
Mon Sep 26 19:20:02 CEST 2005
Werner Koch wrote:
>> echo password | gpg --passphrase-fd 0 --decrypt / --encrypt.
>> For some reasons I don't completely understand the GnuPG developers feel
>> this is less insecure than a normal commandline (you're certainly not the
>> first to ask this...).
>On a multi-user machine it is trivial to see the command line and even
>the environment of all users without the need of root privileges.
>Further the passphrase will be visible in the command line edit
But typing the above line on the commandline has the same problems.
Further, that commandline history is only saved in certain shells,
like bash. I work in tcsh, which uses a memory buffer for command
history. Once you exit tcsh the commandline history is gone.
ir. J.C.A. Wevers // Physics and science fiction site:
johanw at vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
More information about the Gnupg-users