
Missing feature, environment variable for passphrase
Closed, Resolved (Public)

Description

Environment

x86 Linux

Description

PGP had a feature where you could put your passphrase in an environment variable and then you could decrypt files without being prompted. Of course this was dangerous on a multi-user machine, because other users could conceivably see your passphrase through the mechanisms used by the "ps" command; also, the shell could leave the env var in swap space, etc. But in a single-user machine with swap space turned off, it is perfectly safe.

If you have 100 files that you want to decrypt in a batch, this is the most convenient way to do it. Far less safe is to create a temporary copy of the secret key with passphrase removed, since after deletion the data from that file might still be recoverably left on the disk.

So I'd like to ask that GnuPG implement this feature or something comparable.

Fix

Unknown

Event Timeline

Do you think gpg-agent and its passphrase-caching is adequate? You can even pre-store the passphrase on startup and never expire it. I think this is a much better solution. Please let me know if you still see the need for this feature given the superiority and completeness of gpg-agent.

We won't do that for security reasons and due to other ways of providing a passphrase (cf. gpg-agent, gpg-preset-passphrase). No response for 3 months either.

Another way to make use of an environment variable is by writing an appropriate passphrase callback for gpgme.
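The gpgme passphrase-callback route mentioned in the last comment, worked through as an added example (this is not code from the GnuPG project or from this issue). It assumes the python-gpg bindings (the `gpg` module) and an environment variable named `GPG_PASSPHRASE`, a name chosen here for illustration. The security-relevant details are in the callback: it answers once from the environment, and if GnuPG reports the answer as bad it raises instead of handing back the same string again, so a batch run with a wrong passphrase fails fast rather than looping. Loopback pinentry mode is what routes the agent's passphrase request to the callback instead of a pinentry dialog. The gpg-agent/gpg-preset-passphrase route from the earlier comments needs no code at all: preset the passphrase against the key's keygrip once and let the agent serve the batch.

```python
"""Batch decryption driven by a gpgme passphrase callback.

Added example, not GnuPG project code.  Assumes python-gpg (the `gpg`
module) and a passphrase in the environment variable GPG_PASSPHRASE
(hypothetical name chosen for this example).
"""
import os
import sys

PASSPHRASE_ENV = "GPG_PASSPHRASE"  # hypothetical variable name, not a GnuPG convention


class PassphraseUnavailable(Exception):
    """Raised from the callback so gpgme aborts instead of re-asking forever."""


def passphrase_from_env(hint, desc, prev_bad, hook=None):
    """gpgme passphrase callback, called as func(hint, desc, prev_bad[, hook]).

    hint     -- text identifying the key the passphrase is needed for
    desc     -- text describing why it is needed
    prev_bad -- true when the previous answer was rejected
    hook     -- optional mapping to read from instead of os.environ
                (lets a test supply its own environment)
    Returns the passphrase string, or raises PassphraseUnavailable.
    """
    env = hook if hook is not None else os.environ
    if prev_bad:
        # The environment cannot change between attempts; returning the same
        # value again would only loop until gpgme gives up.  Fail fast instead,
        # and do not include the passphrase itself in the message.
        raise PassphraseUnavailable(
            "passphrase in %s rejected for %s" % (PASSPHRASE_ENV, hint))
    passphrase = env.get(PASSPHRASE_ENV)
    if not passphrase:
        raise PassphraseUnavailable("%s is not set" % PASSPHRASE_ENV)
    return passphrase


def make_context():
    """Build a gpgme context whose passphrase requests go to our callback."""
    import gpg  # python-gpg bindings; imported lazily so the callback is testable without them
    ctx = gpg.Context()
    # Loopback pinentry: the agent asks gpgme, gpgme asks the callback,
    # no pinentry program is launched.
    ctx.pinentry_mode = gpg.constants.PINENTRY_MODE_LOOPBACK
    ctx.set_passphrase_cb(passphrase_from_env)
    return ctx


def decrypt_batch(paths, ctx=None):
    """Decrypt every path; return {path: ("ok", plaintext) | ("error", message)}.

    Processing continues past a failed file so one bad input does not stop
    the batch, but a missing or rejected passphrase is reported per file.
    """
    ctx = ctx or make_context()
    results = {}
    for path in paths:
        try:
            with open(path, "rb") as f:
                ciphertext = f.read()
            plaintext, _result, _verify = ctx.decrypt(ciphertext)
            results[path] = ("ok", plaintext)
        except Exception as e:  # gpgme re-raises callback exceptions and raises gpg.errors.GPGMEError for its own
            results[path] = ("error", "%s: %s" % (type(e).__name__, e))
    return results


def main(argv):
    """Usage: GPG_PASSPHRASE=... python decrypt_batch.py file1.gpg file2.gpg ..."""
    if len(argv) < 2:
        sys.stderr.write("usage: %s FILE.gpg [FILE.gpg ...]\n" % argv[0])
        return 2
    status = 0
    for path, (kind, value) in sorted(decrypt_batch(argv[1:]).items()):
        if kind == "ok":
            out = path[:-4] if path.endswith(".gpg") else path + ".plain"
            with open(out, "wb") as f:
                f.write(value)
            sys.stderr.write("decrypted %s -> %s\n" % (path, out))
        else:
            sys.stderr.write("FAILED %s: %s\n" % (path, value))
            status = 1
    return status


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The caveats from the original report still apply to the environment variable: it is visible to anything that can read the process environment, and it is passed to every child process. Unset it as soon as the batch has finished, and prefer the agent-backed preset if the machine has other users.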