v2.3 of gnupg for automation?
Robert J. Hansen
rjh at sixdemonbag.org
Wed Oct 27 00:21:16 CEST 2021
> We’ve been using v1.4 of gnupg because I read in the documentation
> and user comments and in my testing, that v2.X couldn’t be used in
> software automation workflows.
This might have been true several years ago, but it isn't true today.
> there was a feature (that seemed intentional) that the passphrase had
> to be entered manually in a popup window in v2.X.
That's true, and is correct. If you're passing a passphrase via the
command line, that passphrase becomes visible to anyone with the
privileges to get a list of processes and arguments. At that point the
passphrase really isn't providing much in the way of security.
> And that even when that was supposedly not required, it still
> happened occasionally to users, that their automation couldn’t
> process the file because gnupg v2.X required the manual input.
I'm unaware of any instance of this being true. I am aware of *many*
instances of people discovering they did, in fact, have a passphrase on
their key after swearing up and down they didn't.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 236 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20211026/48e76044/attachment.sig>
More information about the Gnupg-users
mailing list