Newbie can't get --passphrase option to work

Peter Lebbing peter at digitalbrains.com
Tue May 16 09:31:42 CEST 2017


On 12/05/17 16:15, Ryk McDorman wrote:
> In the program I'm passing the output and input filenames as parameters to a one-line batch file consisting of this command:
> echo <mypassphrase>| "C:\Program Files (x86)\gnuPG\bin\gpg.exe" --batch  --output %1  --passphrase-fd 0 --decrypt %2

You should also ask yourself what the purpose of the passphrase is other
than to make your life difficult. Your disk holds a file with an
encrypted private key as well as a file containing the plaintext
password. Why would an attacker that is able to access the encrypted
private key not also be able to access the PowerShell script with the
password? What purpose does the password serve in this scenario?

You should probably just remove the passphrase from the key. That way
any decryption or signature will just succeed without jumping through
hoops to pass the passphrase to GnuPG.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20170516/f14b9c08/attachment.sig>


More information about the Gnupg-users mailing list