GPG Passphrase on the command line

Johan Wevers johanw at
Mon Sep 26 19:20:02 CEST 2005

Werner Koch wrote:

>> echo password | gpg --passphrase-fd 0 --decrypt / --encrypt.

>> For some reason I don't completely understand, the GnuPG developers feel
>> this is less insecure than a normal commandline (you're certainly not the
>> first to ask this...).

>On a multi-user machine it is trivial to see the command line and even
>the environment of all users without the need of root privileges.
>Further the passphrase will be visible in the command line edit

But typing the above line on the commandline has the same problems.

Further, that commandline history is only saved in certain shells,
like bash. I work in tcsh, which uses a memory buffer for command
history. Once you exit tcsh the commandline history is gone.
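
Added example, not part of the original message: a Linux-only sketch comparing what `/proc/<pid>/cmdline` shows when a secret is passed as an argument with what it shows when the secret is written to the descriptor that `--passphrase-fd 0` would read. The `consumer` child, the function names and the demo secret are constructed stand-ins, and gpg itself is not invoked.

```shell
#!/bin/sh
# Linux-only demo; 'consumer' is a stand-in child process, gpg is not invoked.
DEMO_SECRET='constructed-demo-passphrase'   # constructed value, not a real secret

# leaks_in_argv SECRET PID: succeed if SECRET is in PID's command line, which
# /proc exposes to every local user by default (NUL separators become spaces).
leaks_in_argv() {
    tr '\0' ' ' < "/proc/$2/cmdline" | grep -qF -- "$1"
}

# probe PID SECRET: give the child time to exec, inspect it, then clean up.
probe() {
    sleep 1
    rc=0
    leaks_in_argv "$2" "$1" || rc=1
    kill "$1" 2>/dev/null || true
    wait "$1" 2>/dev/null || true
    return "$rc"
}

# Secret handed over as an argument, as with `--passphrase SECRET`.
exposed_via_argv() {
    sh -c 'sleep 2; :' consumer --passphrase "$1" &
    probe "$!" "$1"
}

# Secret written to the child's stdin, as with `--passphrase-fd 0`.
# printf is a builtin in bash and dash, so no exec'd process carries the
# secret in its argv.
exposed_via_fd() {
    printf '%s\n' "$1" | sh -c 'read -r p; sleep 2; :' consumer --passphrase-fd 0 &
    probe "$!" "$1"
}

# report LABEL FUNCTION: run one case and print what /proc showed.
report() {
    if "$2" "$DEMO_SECRET"; then echo "$1: secret visible in /proc/<pid>/cmdline"
    else echo "$1: secret not in /proc/<pid>/cmdline"; fi
}
report "argument" exposed_via_argv
report "file descriptor" exposed_via_fd
```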

