Signing message problem with GPG loopback pin-entry option

Ingo Klöcker kloecker at kde.org
Sun Feb 20 18:00:36 CET 2022


On Sunday, 20 February 2022 17:37:51 CET Alireza Sadeghpour wrote:
> On Sun, 20 Feb 2022, 7:37 PM Ingo Klöcker, <kloecker at kde.org> wrote:
> > On Sunday, 20 February 2022 16:25:31 CET Alireza Sadeghpour wrote:
> > > I am trying to encrypt and sign a file with gpg and loopback pinentry
> > > option, with the below command:
> > > 
> > > gpg --pinentry-mode=loopback --passphrase ="mypws" \
> > > --ignore-time-conflict --ignore-valid-from \
> > > --cipher-algo AES256 --symmetric --ignore-time-conflict \
> > > --passphrase-file ~/.gnupg/PG/p-enckey --trust-model always -q --batch
> > > --yes --local-user "UserID" \
> > > --sign --force-mdc \
> > > --output /var/psigner/2 \
> > > /var/psigner/1
> > 
> > Using the options --passphrase *and* --passphrase-file makes no sense.
>
> Actually I need to use two keys, one for aes encryption and another one is
> used for rsa signing, which both of them are protected with a passphrase.
> 
> I tried to indicate rsa key passphrase with --passphrase option and aes key
> with --passphrase-file option.
> 
> If that is wrong, how can I indicate passphrase for two separate keys in
> same command?

Our usual reply to people trying to provide a passphrase for doing 
automatic signing (or decryption) is: Use a passphrase-less key.

If you put the passphrase needed for the signing key next to the signing key, 
then you do not gain any security by protecting the signing key with a non-
empty passphrase. That's like putting a super secure lock into the front door 
of your house and then hanging the key next to the door on a nail.

Regards,
Ingo
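
The setup recommended in the reply above, as an added example that is not part of the original message or of GnuPG's documentation: a signing key created without a passphrase, so the one passphrase option left on the command line serves only the symmetric AES256 encryption. The user ID, file names, passphrase and function names are constructed for illustration, and GnuPG 2.1 or later is assumed.

```shell
# Added example. User ID, file names and passphrase are constructed.
# Assumes GnuPG 2.1+ (gpg, gpgconf) on PATH. Run with: demo && echo OK

# Throwaway keyring with one signing key that has no passphrase.
setup_demo_home() {
    umask 077
    GNUPGHOME=$(mktemp -d) || return 1
    export GNUPGHOME
    # With --batch and loopback, --passphrase '' creates an unprotected key.
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'Demo Signer <signer@example.invalid>' \
        default default never
}

# AES256 symmetric encryption plus signature. The passphrase file feeds only
# the symmetric cipher; the unprotected signing key asks for nothing.
sign_and_encrypt() {  # INFILE OUTFILE PASSFILE
    gpg --batch --yes --quiet --pinentry-mode loopback \
        --passphrase-file "$3" --cipher-algo AES256 \
        --local-user 'signer@example.invalid' \
        --symmetric --sign --output "$2" "$1"
}

# Decrypt and succeed only if gpg reports a good signature.
decrypt_and_verify() {  # INFILE OUTFILE PASSFILE
    gpg --batch --yes --quiet --pinentry-mode loopback \
        --passphrase-file "$3" --status-fd 1 \
        --decrypt --output "$2" "$1" |
        grep '^\[GNUPG:\] GOODSIG ' >/dev/null
}

# Stop the agent started for the throwaway keyring and delete it.
cleanup_demo_home() {
    gpgconf --kill gpg-agent 2>/dev/null
    rm -rf "$GNUPGHOME"
    unset GNUPGHOME
}

# Round trip: returns 0 only if the signature is good and the data matches.
demo() {
    setup_demo_home || return 1
    printf 'constructed symmetric passphrase\n' > "$GNUPGHOME/sym.pass"
    printf 'constructed sample payload\n' > "$GNUPGHOME/in.txt"
    sign_and_encrypt "$GNUPGHOME/in.txt" "$GNUPGHOME/out.gpg" "$GNUPGHOME/sym.pass" &&
        decrypt_and_verify "$GNUPGHOME/out.gpg" "$GNUPGHOME/back.txt" "$GNUPGHOME/sym.pass" &&
        cmp -s "$GNUPGHOME/in.txt" "$GNUPGHOME/back.txt"
    rc=$?
    cleanup_demo_home
    return "$rc"
}
```

With the passphrase gone from the signing key, what protects it is file-system access to the GnuPG home directory, so that directory should be readable only by the account that runs the signing job.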