pipe passphrase to unlock key
Werner Koch
wk at gnupg.org
Tue Jul 31 11:32:37 CEST 2012
On Mon, 30 Jul 2012 21:15, ciprian.craciun at gmail.com said:
> * implement your own "fake" `gpg-agent` which I have no idea what
> actually implies;
Don't do this.
> * implement your own "fake" `pinentry` which would be much simpler
> as it only has to implement the assuan protocol; but you'll have to
> start a separate instance of `gpg-agent` just for this situation,
I would not call this a “fake” Pinentry. Actually GnuPG has support to
switch the pinentry on demand:

  @item PINENTRY_USER_DATA
  This value is passed via gpg-agent to pinentry. It is useful to convey
  extra information to a custom pinentry.

Your application may set this environment variable to tell a pinentry
wrapper to divert to a custom one.
> * (preferably) implement a fake `gpg` which does the following:
> opens a pipe as you have done in your example, writes the password and
Not a good idea, because GnuPG 2.1 requires the gpg-agent and won't see
any private key stuff.
> password=...
>
> env \
> GPG_PASSPHRASE_FD=<( printf -- "${password}" ) \
> PATH="a-folder-where-your-gpg-wrapper-is:${PATH}" \
> git ...
This is bad advice. If you store the passphrase in a file, you are
usually better off not to use a passphrase at all.
Shalom-Salam,
Werner
--
Thoughts are free. Exceptions are regulated by a federal law.
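
A pinentry wrapper of the kind the reply describes, as an added example that is not from the original message or from GnuPG: it diverts to a custom pinentry when the application sets PINENTRY_USER_DATA. The token `myapp`, both pinentry paths and the wrapper's install name are assumptions.

```shell
#!/bin/sh
# pinentry-wrapper: configured in gpg-agent.conf with
#   pinentry-program /usr/local/bin/pinentry-wrapper   (install path is an assumption)
# gpg-agent hands the caller's PINENTRY_USER_DATA to this process in its
# environment; the wrapper uses it to pick which pinentry to run.

DEFAULT_PINENTRY=/usr/bin/pinentry                  # assumed system pinentry
CUSTOM_PINENTRY=/usr/local/libexec/myapp-pinentry   # hypothetical custom pinentry

# Print the pinentry to run for a given PINENTRY_USER_DATA value.
# The value is matched against a fixed allowlist of tokens and is never
# used as a path or command, so setting the variable cannot make
# gpg-agent start an arbitrary program.
select_pinentry() {
    case "$1" in
        myapp)  # hypothetical token the application exports
            if [ -x "$CUSTOM_PINENTRY" ]; then
                printf '%s\n' "$CUSTOM_PINENTRY"
            else
                # Custom pinentry missing: fall back instead of failing.
                printf '%s\n' "$DEFAULT_PINENTRY"
            fi ;;
        *)
            # Unset, empty or unknown value: standard pinentry.
            printf '%s\n' "$DEFAULT_PINENTRY" ;;
    esac
}

# Dispatch only when installed under its real name, so the file can also
# be sourced for testing without exec'ing anything.
case "${0##*/}" in
    pinentry-wrapper)
        exec "$(select_pinentry "${PINENTRY_USER_DATA:-}")" "$@" ;;
esac
```

The application would then run, for example, `PINENTRY_USER_DATA=myapp git ...`; every other caller keeps the standard pinentry.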