On 12/05/17 16:15, Ryk McDorman wrote: > In the program I'm passing the output and input filenames as parameters to a > one-line batch file consisting of this command: > echo <mypassphrase>| "C:\Program Files (x86)\gnuPG\bin\gpg.exe" --batch > --output %1 --passphrase-fd 0 --decrypt %2
You should also ask yourself what the purpose of the passphrase is other than to make your life difficult. Your disk holds a file with an encrypted private key as well as a file containing the plaintext password. Why would an attacker that is able to access the encrypted private key not also be able to access the PowerShell script with the password? What purpose does the password serve in this scenario? You should probably just remove the passphrase from the key. That way any decryption or signature will just succeed without jumping through hoops to pass the passphrase to GnuPG. HTH, Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
