Use of --passphrase-file
Harman, Michael
Michael.Harman at uhsinc.com
Fri Feb 19 15:17:01 CET 2016
Thanks Brian. I think I tried this but I couldn’t figure out how to completely hide the passphrase so no one could get to it. Maybe I was using it incorrectly. Since this is an unattended operation that runs day and night, I wanted to secure the passphrase so gpg could get to it without human intervention, but not let anyone else see or know where it was stored.
Mike
Michael W. Harman, MIT | Senior Application Architect, Information Services | UHS of Delaware, Inc. | a subsidiary of Universal Health Services | Phone 610.768.3416
From: Brian Minton [mailto:brian at minton.name]
Sent: Thursday, February 18, 2016 3:10 PM
To: Harman, Michael; gnupg-users at gnupg.org
Subject: Re: Use of --passphrase-file
A pretty good option is to use gpg-agent. It can keep your passphrase /secret key in (secure) memory for a few minutes so you can use the key in scripted tasks.
On Thu, Feb 18, 2016, 4:24 PM Harman, Michael <Michael.Harman at uhsinc.com<mailto:Michael.Harman at uhsinc.com>> wrote:
I am attempting to automate a process that decrypts files. The files are encrypted with my key which has a passphrase. I have determined I can use the “--passphrase-file” option to get the passphrase of my key. In the gpg documentation at https://www.gnupg.org/documentation/manuals/gnupg/GPG-Esoteric-Options.html, under “--passphrase-file file” it says “Don't use this option if you can avoid it”, but I can’t find any alternative solution in the documentation. I found one blog that says to just remove the passphrase, however I’d like to preserve the passphrase. Do you have any recommendations where I can have a passphrase but still use it in an unattended fashion that is secure?
Michael W. Harman, MIT | Senior Application Architect, Information Services | UHS of Delaware, Inc. | a subsidiary of Universal Health Services | Phone 610.768.3416
UHS of Delaware, Inc. Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution of this information is prohibited, and may be punishable by law. If this was sent to you in error, please notify the sender by reply e-mail and destroy all copies of the original message.
_______________________________________________
Gnupg-users mailing list
Gnupg-users at gnupg.org<mailto:Gnupg-users at gnupg.org>
http://lists.gnupg.org/mailman/listinfo/gnupg-users
UHS of Delaware, Inc. Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution of this information is prohibited, and may be punishable by law. If this was sent to you in error, please notify the sender by reply e-mail and destroy all copies of the original message.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20160219/7ca265bb/attachment-0001.html>
More information about the Gnupg-users
mailing list