Hi Robert, I am trying to write in plain text mode so hopefully you won't be seeing it in HTML. I really appreciate the help you have provided me so far.
I am really not into networking and encryption stuff, so please expect a few dumb questions from me.

Can you please suggest to me the steps that I should follow to redesign my solution, considering the password security? I have the private keys and passphrase of the PGP encrypted files. Now, my basic question is where/how should I store the decryption password and what would be my "gpg" command.

Appreciate your help.

-regards,
Abhisht Sharma

On Thu, 10 Jun 2021 at 10:46, Robert J. Hansen <r...@sixdemonbag.org> wrote:
>
> > But, this command had a risk of exposing *$PASSPHRASE* to the UNIX
> > console if any user executes *ps -ef* command while the code is running.
> > This was a huge security breach so I chose the *--passphrase-file*
> > option to read the decryption password from a file.
> >
> > Now, all I need is to place the file, which stores the decryption
> > password, with strict user permissions.
>
> And this is probably a bad idea.
>
> Clearly, you have a place where you feel it's safe to store a file
> containing the passphrase for your certificate. So remove the
> passphrase from your certificate and store it there, in that safe place
> on your filesystem.
>
> > Having said that, just to add a little bit of more security...
>
> This is a really bad habit: thinking that "I'll just add one more step
> to add a little bit more security." It's endemic to the community --
> you are far from the only person to have it. But it's a bad habit, and
> here's why: security decisions always need to be connected to your
> threat model.
>
> Is there something in your threat model you can point to and say,
> "because of this particular threat we're concerned about, this step I
> want to take is warranted"? If so, go for it. If not, don't.

--
With Regards,
Abhisht Sharma
+353 899875624
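Added example, not part of either poster's message: a sketch of the `--passphrase-file` approach discussed in the thread, which refuses to use the passphrase file unless it is a regular file owned by the current user with no group or other permission bits. It assumes GnuPG 2.1 or later and a `stat` that supports `-c` (GNU coreutils or BusyBox); the function names and argument order are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Succeeds only if $1 is a regular file (not a symlink), owned by the
# invoking user, with no group/other permission bits set.
passfile_is_private() {
    pf_path=$1
    if [ ! -f "$pf_path" ] || [ -L "$pf_path" ]; then
        echo "not a regular file: $pf_path" >&2
        return 1
    fi
    pf_mode=$(stat -c '%a' "$pf_path") || return 1
    pf_owner=$(stat -c '%u' "$pf_path") || return 1
    if [ "$pf_owner" != "$(id -u)" ]; then
        echo "not owned by current user: $pf_path" >&2
        return 1
    fi
    # %a prints octal mode; the last two digits are group and other.
    case "$pf_mode" in
        *00|0) return 0 ;;
        *) echo "mode $pf_mode is too open: $pf_path" >&2; return 1 ;;
    esac
}

# Decrypt $2 to $3, reading the passphrase from file $1. The passphrase
# never appears in argv, so it is not visible in `ps -ef` output.
decrypt_with_passfile() {
    passfile_is_private "$1" || return 1
    gpg --batch --pinentry-mode loopback \
        --passphrase-file "$1" \
        --output "$3" --decrypt "$2"
}

# If the passphrase has been removed from the key, as suggested in the
# reply, the call reduces to: gpg --batch --output OUT --decrypt IN
# and the same permission check applies to the private key storage.

# Run only when called with exactly three arguments:
#   script PASSFILE INPUT.gpg OUTPUT
if [ "$#" -eq 3 ]; then
    decrypt_with_passfile "$1" "$2" "$3"
fi
```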