Bee via Gnupg-users wrote:
It is called "USER DATA" for a reason - you have to decide what to do
with it.

But a novel pinentry must be created to receive the data. Again, this
is circular.

If you really, really want a passphrase, what about passing
the filename of a file holding the passphrase?

AGAIN, this requires clear text storage trying to be avoided in the
first place, or ... decrypting the encrypted file on the fly ... which
requires a passphrase to be passed ... and we're circular again.

Yes, this is a fundamental limitation of public-key cryptography: to decrypt a message or generate a signature, the private key must be available in cleartext. Some would say that that is the point.

If you are trying to have some semblance of security with an unattended application, have you considered using a smartcard or HSM to store the key?


-- Jacob

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users