newbie question

Gareth Woodhouse gareth.woodhouse@pinnacle.co.uk
Tue Jan 7 17:36:01 2003


This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C2B66B.0B4D0CB0
Content-Type: text/plain; charset="iso-8859-1"

I am also looking for a similar solution to a similar problem.

I have a gpg call in a transaction loop but my users want the password to
appear only the once and not for every record that requires decrypting.
Therefore my thinking was I could have 2 blocks of code within my loop 1 for
the first record found when the password would be entered and the second
block which would be run only if a flag raised from the first block, the
second block would  contain the same gpg --decrypt type command but with a
password suppression option....

Please tell me such a option exists.......

Thanks.

Gareth.

-----Original Message-----
From: madrook@cox.net [mailto:madrook@cox.net]
Sent: 07 January 2003 15:01
To: Graham; GnuPG-Users
Subject: Re: newbie question


Hi Graham,

oops.  I should probably add this important factoid.  Sorry for not saying
it earlier:

I'm trying to setup a batch system - so a GUI shell doesn't work unless it
can be controlled via some sort of automation process.

I read the FAQ that recommended dispensing with passphrases altogether, but
I'm not sure I understand the full implications of that.  It seems better to
have the management program send the password on the command line that to
have no password at all.  I'm guessing that stealing the keyring file is all
someone would need if there were no passphrases.  I'd rather make them have
to steal the keyring AND find AND steal the passphrase before they could use
the keys.

I've used the --password-fd 0 option to send the pwd on STDIN, but in
Windows that means using an input pipe from a file written to disk.  Is
there another way?

I just realized something though -- these other shells must have a mechanism
for getting the passphrase from themselves to GPG -- does anyone know how
they do it?

Thanks,
Brad



_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


**********************************************************************
CONFIDENTIALITY.This e-mail and any attachments are 
confidential and may also be privileged. If you are not the 
named recipient, please notify the sender immediately and 
do not disclose the contents to another person, use it for any
purpose, or store or copy the information in any medium. Any
views expressed in this message are those of the individual
sender, except where the sender specifically states them to
be the views of Pinnacle Insurance plc.

If you have received this email in error please immediately
notify the Pinnacle Helpdesk on +44 (0) 20 8207 9555.

This footnote also confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses.

www.mimesweeper.com
**********************************************************************


------_=_NextPart_001_01C2B66B.0B4D0CB0
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; charset=3Diso-8859-=
1">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version 5.5.2653.12">
<TITLE>RE: newbie question</TITLE>
</HEAD>
<BODY>

<P><FONT SIZE=3D2>I am also looking for a similar solution to a similar pro=
blem.</FONT>
</P>

<P><FONT SIZE=3D2>I have a gpg call in a transaction loop but my users want=
 the password to appear only the once and not for every record that require=
s decrypting.</FONT></P>

<P><FONT SIZE=3D2>Therefore my thinking was I could have 2 blocks of code w=
ithin my loop 1 for the first record found when the password would be enter=
ed and the second block which would be run only if a flag raised from the f=
irst block, the second block would&nbsp; contain the same gpg --decrypt typ=
e command but with a password suppression option....</FONT></P>

<P><FONT SIZE=3D2>Please tell me such a option exists.......</FONT>
</P>

<P><FONT SIZE=3D2>Thanks.</FONT>
</P>

<P><FONT SIZE=3D2>Gareth.</FONT>
</P>

<P><FONT SIZE=3D2>-----Original Message-----</FONT>
<BR><FONT SIZE=3D2>From: madrook@cox.net [<A HREF=3D"mailto:madrook@cox.net=
">mailto:madrook@cox.net</A>]</FONT>
<BR><FONT SIZE=3D2>Sent: 07 January 2003 15:01</FONT>
<BR><FONT SIZE=3D2>To: Graham; GnuPG-Users</FONT>
<BR><FONT SIZE=3D2>Subject: Re: newbie question</FONT>
</P>
<BR>

<P><FONT SIZE=3D2>Hi Graham,</FONT>
</P>

<P><FONT SIZE=3D2>oops.&nbsp; I should probably add this important factoid.=
&nbsp; Sorry for not saying</FONT>
<BR><FONT SIZE=3D2>it earlier:</FONT>
</P>

<P><FONT SIZE=3D2>I'm trying to setup a batch system - so a GUI shell doesn=
't work unless it</FONT>
<BR><FONT SIZE=3D2>can be controlled via some sort of automation process.</=
FONT>
</P>

<P><FONT SIZE=3D2>I read the FAQ that recommended dispensing with passphras=
es altogether, but</FONT>
<BR><FONT SIZE=3D2>I'm not sure I understand the full implications of that.=
&nbsp; It seems better to</FONT>
<BR><FONT SIZE=3D2>have the management program send the password on the com=
mand line that to</FONT>
<BR><FONT SIZE=3D2>have no password at all.&nbsp; I'm guessing that stealin=
g the keyring file is all</FONT>
<BR><FONT SIZE=3D2>someone would need if there were no passphrases.&nbsp; I=
'd rather make them have</FONT>
<BR><FONT SIZE=3D2>to steal the keyring AND find AND steal the passphrase b=
efore they could use</FONT>
<BR><FONT SIZE=3D2>the keys.</FONT>
</P>

<P><FONT SIZE=3D2>I've used the --password-fd 0 option to send the pwd on S=
TDIN, but in</FONT>
<BR><FONT SIZE=3D2>Windows that means using an input pipe from a file writt=
en to disk.&nbsp; Is</FONT>
<BR><FONT SIZE=3D2>there another way?</FONT>
</P>

<P><FONT SIZE=3D2>I just realized something though -- these other shells mu=
st have a mechanism</FONT>
<BR><FONT SIZE=3D2>for getting the passphrase from themselves to GPG -- doe=
s anyone know how</FONT>
<BR><FONT SIZE=3D2>they do it?</FONT>
</P>

<P><FONT SIZE=3D2>Thanks,</FONT>
<BR><FONT SIZE=3D2>Brad</FONT>
</P>
<BR>
<BR>

<P><FONT SIZE=3D2>_______________________________________________</FONT>
<BR><FONT SIZE=3D2>Gnupg-users mailing list</FONT>
<BR><FONT SIZE=3D2>Gnupg-users@gnupg.org</FONT>
<BR><FONT SIZE=3D2><A HREF=3D"http://lists.gnupg.org/mailman/listinfo/gnupg=
-users" TARGET=3D"_blank">http://lists.gnupg.org/mailman/listinfo/gnupg-use=
rs</A></FONT>
</P>

<CODE><FONT SIZE=3D3><BR>
<BR>
**********************************************************************<BR>
CONFIDENTIALITY.This e-mail and any attachments are <BR>
confidential and may also be privileged. If you are not the <BR>
named recipient, please notify the sender immediately and <BR>
do not disclose the contents to another person, use it for any<BR>
purpose, or store or copy the information in any medium. Any<BR>
views expressed in this message are those of the individual<BR>
sender, except where the sender specifically states them to<BR>
be the views of Pinnacle Insurance plc.<BR>
<BR>
If you have received this email in error please immediately<BR>
notify the Pinnacle Helpdesk on +44 (0) 20 8207 9555.<BR>
<BR>
This footnote also confirms that this email message has been swept by<BR>
MIMEsweeper for the presence of computer viruses.<BR>
<BR>
www.mimesweeper.com<BR>
**********************************************************************<BR>
</FONT></CODE>
</BODY>
</HTML>
------_=_NextPart_001_01C2B66B.0B4D0CB0--