> Don't do that.
>
> Storing the pgp pass phrase in an environment variable may have been
> a valid option on MS-DOS computers. It isn't on Unix machines,
> since the environment is not guaranteed to be confidential.
I'm working on unix.
In the PGP CmdLineGuide you will find a section about this.
There you can read that using this feature is safe when you use in in
a environment where no one else has access to it.
I'm doing that. The environment is only active as long as mutt is
open. No one from outside can access it.
The wrapper script asks me for entering the passphrase and starts mutt
immedeately after this. So, it is safe.
The only thing a would agree is that someone can change the wrapper
script to send the passphrase via email to outside...
> Also, what's the point in using a shell script like the one below?
>
> - There is no reason to avoid running two mutts on the same mailbox.
> Mutt _does_ know how to graciously deal with concurrent access to
> mail folders.
>
> - There is no point in asking for the pass phrase in a shell script,
> and then storing it in $PGPPASS. Mutt will ask for the pass
> phrase the first time it's needed, and remember it for the coming
> $pgp_timeout seconds. The default is 300 seconds; you can easily
> change that from your .muttrc.
Maybe you have read my previous email regarding the mutt_octet-filter
which can decrypt pgp encrypted octet-streams.
The PGPPASS environment variable is the easiest way to remember the
passphrase.
But now I have to enter the passphrase two times. One for my
octet-filter and one for mutt.
What solution to you see?
Daniel.
