batch file automation -Nearly There!

Peter Lebbing peter at digitalbrains.com
Fri Oct 8 10:21:51 CEST 2010


On -10/01/37 20:59, Peter Pentchev wrote:
> On Fri, Oct 08, 2010 at 12:24:17AM +0100, Lee Elcocks wrote:
> [snip]
>> ECHO bingos| GPG --batch -se --passphrase-fd 0 -r PGPTOKEY -o "C:\encryptedfiles\%F.pgp"
> 
> Erm... on this line, where are you telling GPG to actually encrypt the %F file?

It's been a while since I've written any sort of Windows batch scripting, but
looking at the rest of the statements, it seems the output should be specified
as %%F.pgp, not %F.pgp, and that is why you end up with a file called f.pgp (the
% is dropped as an escape char). The fact you don't specify an input file causes
the f.pgp file not to contain anything useful.

So probably it should read

ECHO bingos| GPG --batch -se --passphrase-fd 0 -r PGPTOKEY -o "C:\encryptedfiles\%%F.pgp" %%F

Furthermore, it is almost always a better idea to drop the passphrase from the
key than to specify the passphrase in some file. In this specific case,
depending on your OS, the "echo bingos" might even show up in the process list
for any user of the machine to read. At least the secret keyring should be
protected by file permissions so only you and the superuser can read it.

Best to avoid a false sense of security by having a passphrase on a key and that
passphrase in plain text on your disk, and just remove the passphrase
altogether. That's usually the price to pay for automated signing. Only much
more elaborate setups can provide extra security in such a case.

Then again, I'm not a security expert.

You could create a signing key especially for this purpose and label it
"(Automated Signing Key)" for clarity. And another signing key that is
passphrase protected and use that when you yourself explicitly sign some document.

Good luck,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt
(new, larger key created on Nov 12, 2009)
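The loop discussed in the message above, written out in full as an added example that is not part of the original post or thread. It assumes a dedicated signing key stored without a passphrase, as the message suggests; the key id AUTOSIGNKEY and the input directory C:\outgoing are hypothetical names, while PGPTOKEY and C:\encryptedfiles are taken from the thread.

```batch
@ECHO OFF
REM Added example, not from the original thread.
REM Assumptions (not on the page): the input directory C:\outgoing and the
REM key id AUTOSIGNKEY, a dedicated signing key stored without a passphrase.
REM PGPTOKEY and C:\encryptedfiles are the names used in the thread.
SETLOCAL

SET "INDIR=C:\outgoing"
SET "OUTDIR=C:\encryptedfiles"
SET "FAILED=0"

REM Inside a batch file the loop variable is written %%F; a single %F is only
REM valid when the FOR command is typed directly at the prompt.
FOR %%F IN ("%INDIR%\*.*") DO (
    REM %%~nxF is the file name and extension without the directory part.
    REM The input file "%%F" comes last; without it gpg reads standard input.
    REM No passphrase is echoed or piped, so none appears in the script.
    gpg --batch --yes --local-user AUTOSIGNKEY -se -r PGPTOKEY -o "%OUTDIR%\%%~nxF.pgp" "%%F"
    IF ERRORLEVEL 1 (
        ECHO Failed to sign and encrypt "%%F" 1>&2
        SET "FAILED=1"
    )
)

REM Report failure to the caller (for example a scheduled task) if any file failed.
IF "%FAILED%"=="1" EXIT /B 1
EXIT /B 0
```

Because the key has no passphrase, access to this script's account and to the secret keyring file is what protects the signing key, so both should be restricted to the account that runs the job.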


