Using a passphrase FD from variable and piped data for encryption

Dashamir Hoxha dashohoxha at gmail.com
Wed Apr 20 12:36:41 CEST 2016


On Wed, Apr 20, 2016 at 11:21 AM, Peter Lebbing <peter at digitalbrains.com>
wrote:

> On 20/04/16 09:10, Dashamir Hoxha wrote:
> > And I also believe that it is not less secure than the other solutions.
>
> You mean like Phil Zimmerman believed BassOmatic was secure?
>

Thanks for comparing me to  Phil Zimmerman. I am taking this as a
compliment :)

What I mean is that the security of `pw` depends on `gpg`
encryption/decryption.
It can use both symmetric and assymetric encryption, depending of how you
want to use it.
I also try to be careful on the script about not leaking the passphrase
somehow. This is for the case of symmetric enryption. For the assymetric
encryption the passphrase is handled by the pinentry, so it is as safe as
`gpg` itself.

I don't think that the encryption used by KeePass (and other tools like it)
is stronger or safer than the encryption of `gpg`.
If there are any problems, most probably they are on my script, and I
beleive that they can be fixed.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20160420/606e406a/attachment.html>


More information about the Gnupg-users mailing list