GPG : "No secret key found" error

Robert J. Hansen rjh at
Thu Jun 10 02:46:09 CEST 2021

> But, this command had a risk of exposing *$PASSPHRASE* to the UNIX 
> console if any user executes *ps -ef* command while the code is running. 
> This was a huge security breach so I chose the *--passphrase-file* 
> option to read the decryption password from a file.
> Now, all I need is to place the file, which stores the decryption 
> password, with strict user permissions.

And this is probably a bad idea.

Clearly, you have a place where you feel it's safe to store a file 
containing the passphrase for your certificate.  So remove the 
passphrase from your certificate and store it there, in that safe place 
on your filesystem.

> Having said that, just to add a little bit of more security...

This is a really bad habit: thinking that "I'll just add one more step 
to add a little bit more security."  It's endemic to the community -- 
you are far from the only person to have it.  But it's a bad habit, and 
here's why: security decisions always need to be connected to your 
threat model.

Is there something in your threat model you can point to and say, 
"because of this particular threat we're concerned about, this step I 
want to take is warranted"?  If so, go for it.  If not, don't.

More information about the Gnupg-users mailing list