--passphrase option // can two different passphrases be used in the same command?

vedaal at hush.com vedaal at hush.com
Wed Mar 28 17:55:22 CEST 2007 

a question came up yesterday on the alt.security.pgp list

someone was trying to sign and symmetrically encrypt a message,
and wanted to do this as one command, first entering the passphrase 
for signing, and then entering a different passphrase for 
symmetrical encryption,
and could not get it to work

i tried many different variations of this on the commandline,
and it seems that gnupg (1.4.7) recognizes only the second 
passphrase listed

if the second passphrase is the correct one for the signing key,
then the message will be signed but also symmetrically encrypted 
with the same passphrase (the passphrase for the signing key)
example:

c:\gnupg>gpg --armor --passphrase sss -c -u aaaa1 -s --passphrase 
aaaa1 c:\1.txt

You need a passphrase to unlock the secret key for
user: "aaaa1 <aaaa1 at key.test>"
2048-bit RSA key, ID F9015496, created 2005-12-01

gpg: TWOFISH encryption will be used
gpg: writing to `c:\1.txt.asc'
gpg: RSA/SHA256 signature from: "F9015496 aaaa1 <aaaa1 at key.test>"

this message decrypts with the passphrase aaaa1, but not with the 
passphrase sss


if the second passphrase is the symmetric encryption passphrase,
then gnupg will abort

example:

c:\gnupg>gpg --armor --passphrase aaaa1 -u aaaa1 -s -c --passphrase 
sss c:\1.txt

You need a passphrase to unlock the secret key for
user: "aaaa1 <aaaa1 at key.test>"
2048-bit RSA key, ID F9015496, created 2005-12-01

gpg: skipped "aaaa1": bad passphrase
gpg: c:\1.txt: sign+symmetric failed: bad passphrase


is there a way to direct gnupg to remember one passphrase for 
signing,
and another one for symmetrically encrypting?

this might be useful for some automated messages,
otherwise, the simple workaround is just to do:

gpg --armor -u keyname -s -c filename

and enter the passphrases separately at each of the gpg prompts


tia,

vedaal

--
Click for home mortgage, fast & free, no lender fee, approval today
http://tagline.hushmail.com/fc/CAaCXv1QbtbAM5lao4GFSo9WIpRelaQq/

More information about the Gnupg-users mailing list