GPG : "No secret key found" error

Abhisht Sharma abhisht.sharma at gmail.com
Thu Jun 10 14:44:43 CEST 2021


Hi Robert,

I am trying to write in plain text mode so hopefully you won't be
seeing it in HTML.
I really appreciate the help you have provided me so far.

I am really not into networking and encryption stuff, so please expect
a few dumb questions from me.

Can you please suggest to me the steps that I should follow to
redesign my solution, considering the password security?
I have the private keys and passphrase of the PGP encrypted files.

Now, my basic question is where/how should I store the decryption
password and what would be my "gpg" command.

Appreciate your help.

-regards,
Abhisht Sharma


On Thu, 10 Jun 2021 at 10:46, Robert J. Hansen <rjh at sixdemonbag.org> wrote:
>
> > But, this command had a risk of exposing *$PASSPHRASE* to the UNIX
> > console if any user executes *ps -ef* command while the code is running.
> > This was a huge security breach so I chose the *--passphrase-file*
> > option to read the decryption password from a file.
> >
> > Now, all I need is to place the file, which stores the decryption
> > password, with strict user permissions.
>
> And this is probably a bad idea.
>
> Clearly, you have a place where you feel it's safe to store a file
> containing the passphrase for your certificate.  So remove the
> passphrase from your certificate and store it there, in that safe place
> on your filesystem.
>
> > Having said that, just to add a little bit of more security...
>
> This is a really bad habit: thinking that "I'll just add one more step
> to add a little bit more security."  It's endemic to the community --
> you are far from the only person to have it.  But it's a bad habit, and
> here's why: security decisions always need to be connected to your
> threat model.
>
> Is there something in your threat model you can point to and say,
> "because of this particular threat we're concerned about, this step I
> want to take is warranted"?  If so, go for it.  If not, don't.



--
With Regards,
Abhisht Sharma
+353 899875624
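
The `ps -ef` exposure discussed in the quoted message can be audited on a host. The script below is an added example, not part of the original thread: it reads a process listing and flags gpg invocations that carry `--passphrase` on the command line, cutting the output off before the value. The function names, PIDs, paths and passphrase values in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find gpg processes whose argv exposes
# the passphrase to any local user who can list processes.
# Input on stdin: lines shaped like `ps -eo pid=,args=` output (PID, then argv).
# Output: "PID argv-up-to-the-option [REDACTED]" for each exposed process.
find_exposed_passphrase() {
    awk '
    {
        # Only gpg or gpg2, with or without a leading path, is of interest.
        if ($2 !~ /(^|\/)gpg2?$/) next
        out = $1 " " $2
        for (i = 3; i <= NF; i++) {
            # --passphrase-file and --passphrase-fd do not match either test,
            # because they keep the secret out of argv.
            if ($i == "--passphrase" || $i ~ /^--passphrase=/) {
                sub(/=.*/, "", $i)
                # ps loses argv boundaries, so stop here rather than guess
                # where the secret ends.
                print out " " $i " [REDACTED]"
                next
            }
            out = out " " $i
        }
    }'
}

# Constructed sample listing; none of these values come from a real system.
sample_ps_output() {
    cat <<'EOF'
 4211 /usr/bin/gpg --batch --passphrase hunter2-constructed --decrypt in.pgp
 4212 gpg --batch --passphrase-file /etc/app/pp.txt --decrypt in.pgp
 4213 gpg2 --batch --passphrase=constructed-value -d in.pgp
 4214 vim notes-about--passphrase.txt
 4215 grep -- --passphrase secret script.sh
EOF
}

# Demo on the sample. On a live host: ps -eo pid=,args= | find_exposed_passphrase
sample_ps_output | find_exposed_passphrase
```

Only PIDs 4211 and 4213 are reported; the `--passphrase-file` invocation and the non-gpg processes are ignored.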


