GPG Passphrase on the command line
Johan Wevers
johanw at vulcan.xs4all.nl
Mon Sep 26 19:20:02 CEST 2005
Werner Koch wrote:
>> echo password | gpg --passphrase-fd 0 --decrypt / --encrypt.
>> For some reason I don't completely understand the GnuPG developers feel
>> this is less insecure than a normal commandline (you're certainly not the
>> first to ask this...).
>On a multi-user machine it is trivial to see the command line and even
>the environment of all users without the need of root privileges.
>Further the passphrase will be visible in the command line edit
>history.
But typing the above line on the commandline has the same problems.
Further, that commandline history is only saved in certain shells,
like bash. I work in tcsh, which uses a memory buffer for command
history. Once you exit tcsh the commandline history is gone.
--
ir. J.C.A. Wevers // Physics and science fiction site:
johanw at vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
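
Added example, not part of the original message: a Python sketch of the argv exposure discussed in this thread, comparing a secret passed as a command-line argument with the same secret written to the child's stdin (the `--passphrase-fd 0` pattern). It assumes Linux with `/proc` mounted; the child is a hypothetical stand-in for gpg, and `SECRET`, `visible_argv` and `secret_exposed` are names made up for the illustration.

```python
import subprocess
import sys

SECRET = "constructed-passphrase-123"  # constructed sample value, not a real secret

# Stand-in for a running gpg: blocks until its stdin is closed.
# gpg itself is not invoked here.
CHILD = "import sys; sys.stdin.read()"


def visible_argv(pid):
    """Return the argument vector of `pid` as exposed in /proc/<pid>/cmdline."""
    with open(f"/proc/{pid}/cmdline", "rb") as f:
        return [a.decode(errors="replace") for a in f.read().split(b"\0") if a]


def secret_exposed(pass_on_argv):
    """Run the child, hand it SECRET one of two ways, report whether argv shows it."""
    cmd = [sys.executable, "-c", CHILD]
    if pass_on_argv:
        cmd.append(SECRET)  # secret as an argument: part of the process's argv
    proc = subprocess.Popen(cmd, stdin=subprocess.PIPE)
    try:
        if not pass_on_argv:
            # secret travels through the pipe on fd 0, as with --passphrase-fd 0
            proc.stdin.write(SECRET.encode() + b"\n")
            proc.stdin.flush()
        argv = visible_argv(proc.pid)
    finally:
        proc.stdin.close()  # lets the child's read() return so it can exit
        proc.wait()
    return any(SECRET in arg for arg in argv)


if __name__ == "__main__":
    print("argument:", secret_exposed(True))
    print("stdin fd:", secret_exposed(False))
```

Whether the `echo` on the left of the pipe shows up as a process of its own depends on the shell: where `echo` is a builtin, no separate process carries the passphrase in its argv.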