v2.3 of gnupg for automation?

Robert J. Hansen rjh at sixdemonbag.org
Wed Oct 27 00:21:16 CEST 2021


> We’ve been using v1.4 of gnupg because I read in the documentation
> and user comments and in my testing, that v2.X couldn’t be used in
> software automation workflows.

This might have been true several years ago, but it isn't true today.

> there was a feature (that seemed intentional) that the passphrase had
> to be entered manually in a popup window in v2.X.

That's true, and is correct.  If you're passing a passphrase via the
command line, that passphrase becomes visible to anyone with the
privileges to get a list of processes and arguments.  At that point the
passphrase really isn't providing much in the way of security.

> And that even when that was supposedly not required, it still
> happened occasionally to users, that their automation couldn’t
> process the file because gnupg v2.X required the manual input.

I'm unaware of any instance of this being true.  I am aware of *many*
instances of people discovering they did, in fact, have a passphrase on
their key after swearing up and down they didn't.

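The exposure described in the message above (a passphrase given as a command-line argument is readable by anyone who can list processes) can be audited on a Linux host. The following is an added example, not part of the original post and not GnuPG code; it assumes `/proc/<pid>/cmdline` is readable, and the function names and the sample data are constructed for illustration.

```python
import os

# Constructed sample of a /proc/<pid>/cmdline blob (not taken from a real system).
SAMPLE_CMDLINE = b"/usr/bin/gpg\0--batch\0--passphrase\0hunter2\0--decrypt\0in.gpg\0"

def parse_cmdline(raw: bytes) -> list:
    """Split a Linux /proc/<pid>/cmdline blob (NUL-terminated argv) into strings."""
    if raw.endswith(b"\0"):
        raw = raw[:-1]
    return [a.decode("utf-8", "replace") for a in raw.split(b"\0")] if raw else []

def audit_argv(argv):
    """Return (exposed, redacted_argv) for one process.

    Only gpg's --passphrase option carries the secret in argv itself;
    --passphrase-fd and --passphrase-file name a descriptor or a path instead.
    """
    if not argv or os.path.basename(argv[0]) not in ("gpg", "gpg1", "gpg2"):
        return False, list(argv)
    out, exposed, i = [argv[0]], False, 1
    while i < len(argv):
        arg = argv[i]
        if arg == "--":                      # end of options: the rest are file names
            out.extend(argv[i:])
            break
        if arg == "--passphrase" and i + 1 < len(argv):
            out.extend([arg, "<redacted>"])  # never copy the secret into a report
            exposed, i = True, i + 2
            continue
        if arg.startswith("--passphrase="):
            out.append("--passphrase=<redacted>")
            exposed = True
        else:
            out.append(arg)
        i += 1
    return exposed, out

def scan_proc(proc_root="/proc"):
    """Yield (pid, redacted_argv) for running processes that expose a passphrase."""
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "cmdline"), "rb") as fh:
                exposed, redacted = audit_argv(parse_cmdline(fh.read()))
        except OSError:                      # process exited or access denied
            continue
        if exposed:
            yield int(entry), redacted
```

The check is a heuristic over argument lists: it does not model every gpg option that takes a value, and a short-lived process can start and exit between scans.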

