GPG question

David Shaw dshaw at jabberwocky.com
Mon Aug 14 16:39:42 CEST 2006


On Mon, Aug 14, 2006 at 09:25:39AM -0500, Brian Rosenvinge wrote:
> I have been trying to automate the pass phrase for the first GPG 
> instance below.  Is it possible with this string and if so where would I 
> add the command?  Sorry if this is a dumb question, I am just getting 
> started trying to script using GPG.

GPG can do it, of course, but automating passphrases is something that
needs some thought before you go ahead.  There are three ways to pass
a passphrase to GPG: via a file, via a file descriptor, or just on the
command line.  Any of these will work, but you need to ask yourself
whether this is a risk in your environment.  For example, if you pass
the passphrase on the command line, anyone who can log into the box
can see the passphrase via 'ps'.  If you pass the passphrase via a
file, anyone who can read that file can see the passphrase.  These
details are also different on Unix-like systems or Win32 (not sure
which you are using).

You also need to ask yourself: if you're just going to hardcode a
passphrase anyway, would it be better to simply use a key with no
passphrase at all?

On the command line:
  gpg --passphrase (the-passphrase)

Via a file:
  gpg --passphrase-file (the-filename)

Via a file descriptor:
  gpg --passphrase-fd (the-fd)

David
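
The file-descriptor method described above, as an added example that is not part of the original post: a wrapper that refuses to use a passphrase file other local users can read, then hands the passphrase to gpg on fd 3 so it never appears in the 'ps' output. The function names, the GPG_OPTS variable and the file paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Function names, GPG_OPTS and
# all paths are hypothetical.

# Succeed only if $1 is a regular file (not a symlink) with no permission
# bits set for group or others, i.e. only its owner can read it.
passphrase_file_is_private() {
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] || return 1
    # Characters 5-10 of the "ls -l" mode string are the group/other bits.
    perms=$(ls -ld -- "$f" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Decrypt file $2 to stdout, reading the passphrase from file $1 via fd 3.
# Returns 2 without running gpg if the passphrase file is not private.
decrypt_with_fd() {
    pf=$1
    src=$2
    passphrase_file_is_private "$pf" || {
        echo "refusing: $pf is missing, not a regular file, or accessible to group/others" >&2
        return 2
    }
    # --batch keeps gpg from prompting. The passphrase is not in argv, so
    # it is not visible in the process list; the shell opens the file and
    # gpg reads it from descriptor 3.
    # GnuPG 2.1 and later only honour --passphrase-fd when
    # GPG_OPTS="--pinentry-mode loopback" is set; 1.4 does not know that option.
    # shellcheck disable=SC2086
    gpg --batch ${GPG_OPTS:-} --passphrase-fd 3 --decrypt "$src" 3<"$pf"
}
```

Typical use: chmod 600 the passphrase file once, then call decrypt_with_fd /path/to/passphrase-file message.gpg from the script.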


