Mailing List Archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tlug] Bash redirection problem



On Mon, 26 Mar 2007, Stuart Luppescu wrote:

I'm trying to write a bash script to automate encryption and decryption of a gnumeric spreadsheet. I thought I'd feed gpg the passphrase from a file like this:

gpg -d ccinfo.gnumeric.gpg < $HOME/cc/passphrase > $HOME/cc/ccinfo.gnumeric

But each time I run the script it prompts me to enter my passphrase.

GPG tries pretty hard to make sure it's asking for the passphrase on a terminal; in particular, it's opening /dev/tty instead of using standard input and output.

If you don't need public key encryption, you may be better off using
something else to do symmetric encryption; gpg's user interface is
pretty awful (and this is by far its biggest security flaw).

Failing that, put the decryption key in a separate keyring that has no
password on it.

I presume you *are* using a key entirely separate from anything you use
for more serious applications, right? A key is only as secure as the
weakest way in which it's used, and everything encrypted or signed with
that key is only that secure as well.

cjs
--
Curt Sampson       <cjs@example.com>        +81 90 7737 2974


Home | Main Index | Thread Index

Home Page Mailing List Linux and Japan TLUG Members Links