Thanks Peter...

Thanks & Regards

Aneesh Varghese

________________________________________
From: Peter Lebbing <pe...@digitalbrains.com>
Sent: Friday, February 2, 2018 4:53 PM
To: Aneesh Varghese; gnupg-users@gnupg.org
Subject: Re: How to avoid Passphrase prompt

On 01/02/18 05:03, Aneesh Varghese wrote:
> Hi Peter,
> We need passphrase, but passphrase should be entered via code, not from Windows
> popup prompt.

Hah, now I understand! :-)

There are two methods: gpg-preset-passphrase and pinentry loopback.

gpg-preset-passphrase:

GNUPGHOME/gpg-agent.conf:
--8<---------------cut here---------------start------------->8---
allow-preset-passphrase
max-cache-ttl 2147483647
--8<---------------cut here---------------end--------------->8---

gpg --with-keygrip -K
--8<---------------cut here---------------start------------->8---
sec   rsa1024 2012-03-17 [SC] [expires: 2018-02-07]
      825472F37172B95ADC7349BE98B67DE4DCDFDFA4
      Keygrip = 2F677680CA15F6F7B963AF35822E8EC01FBF840A
uid           [  full  ] Test Teststra (Koning van Wezel) <test@example.invalid>
uid           [  full  ] Test Teststra <test@work.invalid>
ssb   rsa1024 2012-03-17 [E]
      Keygrip = 15CB764B81D542CF921978CA89910C69D53F4E2D
ssb   rsa2048 2016-01-12 [A]
      Keygrip = 3D88DC9D60F791821AF8D537EEAC3C8DF7720D63
--8<---------------cut here---------------end--------------->8---

Note keygrip for [E] subkey.

Do this every time after starting the server/starting gpg-agent, to unlock
the key:

gpg-preset-passphrase --preset 15CB764B81D542CF921978CA89910C69D53F4E2D

(Type in the password. Currently no pinentry support.)

Done!

Second method: pinentry loopback.

This method has a problem. Your code supplies the passphrase. Where is
the passphrase stored? If it is simply stored on the hard disk, the
passphrase is probably useless. An attacker can just read the
passphrase. What are you protecting against?

It is simple, though:

echo passphrase | gpg --batch --pinentry-mode loopback --passphrase-fd 0 -d test.gpg

(Use code to pass the passphrase on some FD, don't actually use echo).

All this was tried out on Linux. I don't have Windows, or the necessary
knowledge. I think it should work on Windows.

HTH,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
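
The loopback method from the mail above, with the passphrase handed to gpg on a dedicated pipe instead of through echo. This is an added example, not part of the original mail; the function names and the `gpg_bin` parameter are hypothetical, and it assumes a POSIX system (`pass_fds` is not available on Windows).

```python
import os
import subprocess


def build_argv(ciphertext_path, passphrase_fd, gpg_bin="gpg"):
    """Same options as the command in the mail, with the FD number made variable."""
    return [gpg_bin, "--batch", "--pinentry-mode", "loopback",
            "--passphrase-fd", str(passphrase_fd), "-d", ciphertext_path]


def decrypt(ciphertext_path, passphrase, gpg_bin="gpg"):
    """Decrypt a file, handing gpg the passphrase (bytes) on a private pipe.

    The passphrase never appears in argv, the environment or shell history.
    Where the caller obtains it is still the question raised in the mail.
    """
    read_fd, write_fd = os.pipe()
    try:
        proc = subprocess.Popen(
            build_argv(ciphertext_path, read_fd, gpg_bin),
            pass_fds=(read_fd,),           # child inherits only this extra FD
            stdin=subprocess.DEVNULL,
            stdout=subprocess.PIPE,
            stderr=subprocess.PIPE,
        )
    except BaseException:
        os.close(write_fd)                 # do not leak the write end on failure
        raise
    finally:
        os.close(read_fd)                  # parent keeps only the write end
    try:
        with os.fdopen(write_fd, "wb") as pipe:
            pipe.write(passphrase + b"\n")  # gpg reads the first line only
    except BrokenPipeError:
        pass                               # gpg exited early; stderr says why
    plaintext, stderr_data = proc.communicate()
    if proc.returncode != 0:
        raise RuntimeError(
            "gpg failed: " + stderr_data.decode(errors="replace").strip())
    return plaintext
```
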
