If the passphrase is passed in as a parameter to the script, the passphrase will be clearly visible in the process list (on Unix/Linux) (via the "ps" command).

To be honest, there is really no way to properly secure a passphrase for an automated system if the passphrase exists anywhere on that system. All users with root access will be able to get to the private key through some means.

If you are not worried about users with root access, then you don't need to encrypt the private key, since non-root users won't be able to read the secret key in the process's home directory.

It's a chicken-or-egg situation. If you can trust the root users, you are better off keeping it simple and just not using an encrypted private key. If you cannot trust the root users, you should not trust the system at all.


On Apr 19, 2007, at 8:33 AM, jane grove wrote:

Thank you guys.  Both the "cat pipe" way and the "<" way work well.
David, yes you made a very good point of not hard-coding the
passphrase or its file name.  In my current script, I have a variable
to hold the passphrase file name.  The actual file name is passed in
as a parameter when I call the script from another command outside the
script.  If an attacker opens the current script, s/he won't see the
actual passphrase or its file name, s/he will only see the variable
name.  The passphrase is stored in a separate place.

I am thinking of better ways to secure the passphrase and automate the
jobs at the same time.  I appreciate everyone's input.

Jane

On 4/14/07, David Shaw <[EMAIL PROTECTED]> wrote:
On Sat, Apr 14, 2007 at 10:23:24PM -0500, jane grove wrote:
Hello,
I am trying to use the GnuPG command "decrypt" in batch mode (i.e. in a
script).  When I use the option "--batch", I don't have a way to enter
the user id or passphrase.

Look at the --passphrase-fd, --passphrase-file, or --passphrase
options.  They are all in the manual, and can be used to provide a
passphrase during batch operation.

However, if you are including the passphrase in a script, it is worth
asking yourself if there is any security benefit in having a
passphrase-protected key at all.  After all, an attacker who gets
access to the script needs merely to read it to know the passphrase.

David

_______________________________________________
Gnupg-users mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
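The two approaches Jane describes (the "cat pipe" way and the "<" way), written out as an added example that is not from any message in this thread. It assumes GnuPG 2.1 or later, where --batch needs --pinentry-mode loopback for --passphrase-fd to be honoured, a passphrase file whose first line is the passphrase, and an optional GPG variable naming the gpg binary; the function and variable names are the example's own.

```shell
#!/bin/sh
# Hand GnuPG a passphrase through a file descriptor rather than argv, so a
# "ps" listing shows only a descriptor number, never the passphrase itself.

# The "<" way: the shell opens PASSFILE as fd 3 for the gpg process only.
# Usage: gpg_decrypt_fd3 PASSFILE CIPHERTEXT PLAINTEXT
gpg_decrypt_fd3() {
    "${GPG:-gpg}" --batch --yes --pinentry-mode loopback --passphrase-fd 3 \
        --output "$3" --decrypt "$2" 3< "$1"
}

# The "cat pipe" way: the passphrase arrives on stdin (fd 0). Since stdin
# is taken by the passphrase, the ciphertext must be a file argument.
# Usage: gpg_decrypt_fd0 PASSFILE CIPHERTEXT PLAINTEXT
gpg_decrypt_fd0() {
    cat "$1" | "${GPG:-gpg}" --batch --yes --pinentry-mode loopback \
        --passphrase-fd 0 --output "$3" --decrypt "$2"
}

# Neither trick helps if the passphrase file itself is readable by other
# (non-root) users. Returns 0 when group and other have no permissions
# at all (mode 0600 or stricter), 1 otherwise. Uses "ls -l" because
# "stat" flags differ between GNU and BSD userlands.
passfile_is_private() {
    case $(ls -l "$1" | cut -c5-10) in
        ------) return 0 ;;
        *)      return 1 ;;
    esac
}
```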

