batch file automation -Nearly There!

Peter Lebbing peter at
Fri Oct 8 10:21:51 CEST 2010

Hash: SHA1

On -10/01/37 20:59, Peter Pentchev wrote:
> On Fri, Oct 08, 2010 at 12:24:17AM +0100, Lee Elcocks wrote:
> [snip]
>> ECHO bingos| GPG --batch -se --passphrase-fd 0 -r PGPTOKEY -o "C:\encryptedfiles\%F.pgp"
> Erm... on this line, where are you telling GPG to actually encrypt the %F file?

It's been a while since I've written any sort of Windows batch scripting, but
looking at the rest of the statements, it seems the output should be specified
as %%F.pgp, not %F.pgp, and that is why you end up with a file called f.pgp (the
% is dropped as an escape char). The fact you don't specify an input file causes
the f.pgp file not to contain anything useful.

So probably it should read

ECHO bingos| GPG --batch -se --passphrase-fd 0 -r PGPTOKEY -o
"C:\encryptedfiles\%%F.pgp" %%F

Furthermore, it is almost always a better idea to drop the passphrase from the
key than to specify the passphrase in some file. In this specific case,
depending on your OS, the "echo bingos" might even show up in the process list
for any user of the machine to read. At least the secret keyring should be
protected by file permissions so only you and the superuser can read it.

Best to avoid a false sense of security by having a passphrase on a key and that
passphrase in plain text on your disk, and just remove the passphrase
altogether. That's usually the price to pay for automated signing. Only much
more elaborate setups can provide extra security in such a case.

Then again, I'm not a security expert.

You could create a signing key especially for this purpose and label it
"(Automated Signing Key)" for clarity. And another signing key that is
passphrase protected and use that when you yourself explicitly sign some document.

Good luck,


- -- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at
(new, larger key created on Nov 12, 2009)
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla -


More information about the Gnupg-users mailing list