cannot pass in input and passphrase at the same time in batch mode?

Daniel Kahn Gillmor dkg at
Tue Jun 23 06:13:00 CEST 2009

On 06/18/2009 08:41 PM, Harry wrote:
> $echo abcd | gpg -u bob at --output message.pgp -r alice at -se --passphrase-fd 0 << EOF
> 123456
> <EOF

It seems to me like you're expecting standard input (file descriptor 0)
to serve two purposes here:

 a) to feed the cleartext to gpg

 b) to feed the passphrase to gpg

what's not clear to me is how you expect gpg to distinguish between the
two.  In your example above, assuming abcd is the cleartext and 123456
is the passphrase, why not put them in the opposite places?  It seems
fundamentally ambiguous to me, which is probably why gpg isn't dealing
with it how you want.

Instead, you could use separate file descriptors for the two distinct
pieces of data:

 echo abcd | \
 gpg --output foo -r a at -se --passphrase-fd 3 3<<EOF

this continues to use file descriptor 0 (stdin) for the cleartext, but
uses file descriptor 3 (which would normally be unused) to send the
passphrase to gpg, and relies on bash's versatile redirection operators
to provide data for FD 3.  other shells may not be so versatile, though :/

Alternatively, you might be interested in getting gpg-agent up and
running, which could provide you with another technique to do the sort
of unattended operation you're describing (at least for a limited period
of time).



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 890 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20090623/05cd9511/attachment.pgp>

More information about the Gnupg-users mailing list