Use of --passphrase-file
ndk.clanbo at gmail.com
Sat Feb 20 09:48:13 CET 2016
Il 19/02/2016 15:17, Harman, Michael ha scritto:
> Thanks Brian. I think I tried this but I couldn’t figure out how to
> completely hide the passphrase so no one could get to it. Maybe I was
> using it incorrectly. Since this is an unattended operation that runs
> day and night, I wanted to secure the passphrase so gpg could get to it
> without human intervention, but not let anyone else see or know where it
> was stored.
What about using a smartcard? You supply the PIN only at boot, then it
stays unlocked ad long as the system is working. This way an attacker
couldn't steal the secret key even if successful at breaking in.
More information about the Gnupg-users