v2.3 of gnupg for automation?

raf gnupg at raf.org
Thu Oct 28 06:09:22 CEST 2021

On Wed, Oct 27, 2021 at 09:33:16AM +0200, Werner Koch via Gnupg-users <gnupg-users at gnupg.org> wrote:

> On Tue, 26 Oct 2021 18:21, Robert J. Hansen said:
> > That's true, and is correct.  If you're passing a passphrase via the
> > command line, that passphrase becomes visible to anyone with the
> > privileges to get a list of processes and arguments.  At that point the
> > passphrase really isn't providing much in the way of security.
> I fully agree.
> If, for whatever reasons, a passphrase is required the suggested
> workaround is to add
>   --pinentry-mode=loopback
> to the gpg invocation.
> Salam-Shalom,
>    Werner

But be warned, loopback doesn't handle password retries after a failure.
If it did, it would be great. But for automation, that shouldn't matter.


More information about the Gnupg-users mailing list