Passphrase as parameter in the command line
Frank Tobin
ftobin@neverending.org
Fri Jan 4 18:10:02 2002
ritter, horst (EDS CH), at 16:37 -0000 on 2002-01-04, wrote:
> How can I give gpg the passphrase as parameter in the commandline to
> decrypt files, instead of typing it in after GPG's request? I need this
> to automatically process a lot of files under UNIX, managed by a
> self-written program.
You don't give the passphrase as an argument to GnuPG. GnuPG's policy
(which I don't agree with) is that you must pass in such sensitive data on
a filehandle, namely --passphrase-fd. See the manpage on this option for
details.
The policy is due to a unixism that command-line parameters are often (but
not always) globally viewable by tools such as ps. Sort of a 'save the
users from themselves'. Not that I agree with the approach, though.
--
Frank Tobin http://www.neverending.org/~ftobin/
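
The approach the reply points to, as an added example that is not part of the original post or of GnuPG itself: a Python wrapper that hands the passphrase to gpg over a pipe named by --passphrase-fd, so only the descriptor number shows up in the process arguments. It assumes GnuPG 2.1 or later (hence --batch and --pinentry-mode loopback); the function names and the passphrase-file argument are hypothetical.

```python
import os
import subprocess
import sys


def gpg_decrypt_argv(ciphertext_path, fd):
    """argv for gpg: carries the descriptor number, never the secret."""
    # Assumption: GnuPG 2.1+, which needs --batch and --pinentry-mode loopback
    # to honour --passphrase-fd. GnuPG 1.x has no --pinentry-mode option.
    return ["gpg", "--batch", "--pinentry-mode", "loopback",
            "--passphrase-fd", str(fd), "--decrypt", ciphertext_path]


def run_with_secret_on_fd(make_argv, secret):
    """Run make_argv(fd) with secret readable on fd; return (status, stdout)."""
    read_fd, write_fd = os.pipe()
    try:
        proc = subprocess.Popen(make_argv(read_fd), pass_fds=(read_fd,),
                                stdout=subprocess.PIPE)
    except BaseException:
        os.close(write_fd)
        raise
    finally:
        os.close(read_fd)          # the child holds its own copy now
    try:
        # gpg reads only the first line; a short secret fits in the pipe
        # buffer, so this write does not block.
        os.write(write_fd, secret.rstrip(b"\n") + b"\n")
    except BrokenPipeError:
        pass                       # child exited without reading
    finally:
        os.close(write_fd)
    out, _ = proc.communicate()
    return proc.returncode, out


if __name__ == "__main__":
    # Hypothetical usage: decrypt.py PASSFILE FILE.gpg [FILE.gpg ...]
    passfile, *ciphertexts = sys.argv[1:]
    with open(passfile, "rb") as fh:   # keep this file mode 0600
        passphrase = fh.readline()
    for path in ciphertexts:
        status, plaintext = run_with_secret_on_fd(
            lambda fd, p=path: gpg_decrypt_argv(p, fd), passphrase)
        if status == 0:
            with open(path + ".out", "wb") as out_fh:
                out_fh.write(plaintext)
        print(path, "ok" if status == 0 else f"gpg exit {status}")
```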