Using a passphrase FD from variable and piped data for encryption

Peter Lebbing peter at
Tue Apr 19 17:20:33 CEST 2016

On 19/04/16 14:12, Dashamir Hoxha wrote:
> The second way (described by Peter) is just more complex and more 
> difficult to understand, but not safer. Am I right?

It's not safer. Regarding the complexity, however, the data to encrypt
is already on fd 0, so you would need to move either the data or the
passphrase to another fd, I think. The example from your code on GitHub
doesn't get data piped to it, so it doesn't need multiple fd's, which is
the point where it gets more complicated.

Depending on how --passphrase-file is implemented, it might be possible
to use --passphrase-file <(echo pass), which isn't very complicated.



I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <>

More information about the Gnupg-users mailing list