dealing with password in batch file

Henry Hertz Hobbit hhhobbit7 at
Tue Apr 25 08:09:06 CEST 2006

On 21 Apr 2006 Trevor Smith <trevor at> wrote:
>On 21-Apr-06, at 3:11 PM, Sean Cerney wrote:
>> I've been decrypting xml files for a while now with a batch file  
>> that converts the pgp file into an xml file with a timestamp.
>> The thing is I always have to manually enter the password each time  
>> I run the batch file.  I want to
>> ...
>> Any suggestions?  Thank you.
>Sorry, I'm not 100% sure what you're trying to do (I couldn't see any  
>actual gpg stuff in your batch file, but it's been about a hundred  
>years since I've seen a .bat file so I could be missing the  
>obvious...), but if you're trying to automate passphrase entry into a  
>batch file, here is what I have used in a Unix (or, rather, Linux and  
>Mac OS X, actually) bash shell script:
>gpg --passphrase-fd 3 "$FILE" 3<$pwfile
>where $FILE is the file to be decrypted and $pwfile is a variable  
>that is set to some arbitrary file name that contains the passphrase.
>What the above does is (after you create a temporary file with the  
>passphrase in it) tell gpg to read the passphrase from "file  
>descriptor 3" and the last bit (3<$pwfile) tells Unix to redirect the  
>file, $pwfile, into file descriptor 3.
>Obviously you need to modify this somewhat to run on DOS (or Windows,  
>or whatever it's called these days) but it may point you in the right  

You will have to modify it more than just a little.  All that can be redirected in Script files (what used to be called batch files) is just STDIN and STDOUT (<, >).  I don't even know a way to redirect STDERR.  Please correct me if I am wrong.  I tried it for a long while and gave up.  It just didn't know what 2> meant.  You will most likely have to write it in either a VBScript or a JScript tool (I strongly advise using VBScript). In them you have enough power to open up a file, read in the password, close the file and delete the file contaning the password immediately after reading in the password.  In reality, I wouldn't even use VBScript.  I would use C and compile it.  The code size is about the same and it runs much faster and you have more control.  You won't even need to worry about File Descriptor 3 - you will embed the everything in a system() function call with the password embedded into the command.  I use the Mars compiler

Your mileage will vary.  I assume you know where all of the VBScript stuff is.  I just don't think you can do it in batch because cmd.exe just isn't powerful enough to handle the redirect of FD-2 (STDERR), much less FD-3.
A lot of people working with very powerful Linux shells (ksh, sh, bash, etc.) just don't know how weak Windows Shell scripting is.  I used to update all kind of stuff with a huge project (was working with cross compilers for the Hobbit and Intel chips of Pen systems) and finally gave up and demanded that they give me a Turrible-C compiler to do all of it.  At least with that I had findfirst(), findnext() to read the dir, etc and do things accordingly.  The updates were so convoluted with dirs coming into existence and going out of existence that I finally had to use recursion to handle all of the stuff.



Switch to Netscape Internet Service.
As low as $9.95 a month -- Sign up today at

Netscape. Just the Net You Need.

New! Netscape Toolbar for Internet Explorer
Search from anywhere on the Web and block those annoying pop-ups.
Download now at

More information about the Gnupg-users mailing list