On Sunday, 20 February 2022 17:37:51 CET Alireza Sadeghpour wrote:
> On Sun, 20 Feb 2022, 7:37 PM Ingo Klöcker, <kloec...@kde.org> wrote:
> > On Sunday, 20 February 2022 16:25:31 CET Alireza Sadeghpour wrote:
> > > I am trying to encrypt and sign a file with gpg and loopback pinentry
> > > option, with the below command:
> > >
> > > gpg --pinentry-mode=loopback --passphrase ="mypws" \
> > > --ignore-time-conflict --ignore-valid-from \
> > > --cipher-algo AES256 --symmetric --ignore-time-conflict \
> > > --passphrase-file ~/.gnupg/PG/p-enckey --trust-model always -q --batch
> > > --yes --local-user "UserID" \
> > > --sign --force-mdc \
> > > --output /var/psigner/2 \
> > > /var/psigner/1
> >
> > Using the options --passphrase *and* --passphrase-file makes no sense.
>
> Actually I need to use two keys, one for AES encryption and another one is
> used for RSA signing, which both of them are protected with a passphrase.
>
> I tried to indicate RSA key passphrase with --passphrase option and AES key
> with --passphrase-file option.
>
> If that is wrong, how can I indicate passphrase for two separate keys in
> same command?

Our usual reply to people trying to provide a passphrase for doing
automatic signing (or decryption) is: Use a passphrase-less key.

If you put the passphrase needed for the signing key next to the signing key,
then you do not gain any security by protecting the signing key with a
non-empty passphrase. That's like putting a super secure lock into the front
door of your house and then hanging the key next to the door on a nail.

Regards,
Ingo

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users
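
The setup recommended in the reply above, as an added example that is not part of the original thread: with a passphrase-less signing key, the symmetric passphrase file is the only passphrase gpg is given, so --passphrase and --passphrase-file never compete. The user ID, temporary paths and passphrase are constructed for the demo, and GnuPG 2.1 or later is assumed.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): batch sign + symmetric encrypt where the
# signing key has no passphrase, so only one passphrase is ever supplied.
# The user ID, paths and passphrase are constructed for the demo.

sign_and_encrypt_demo() (
  work="$(mktemp -d)" || exit 1
  export GNUPGHOME="$work/gnupghome"        # throwaway keyring, never ~/.gnupg
  trap 'gpgconf --kill gpg-agent 2>/dev/null; rm -rf "$work"' EXIT
  mkdir -m 700 "$GNUPGHOME" || exit 1
  uid='Batch Signer <signer@example.invalid>'   # hypothetical user ID

  # An empty passphrase in batch/loopback mode creates an unprotected secret
  # key; what protects it is the 0700 home directory and the account owning it.
  gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
      --quick-generate-key "$uid" default default never || exit 1

  # The symmetric (AES256) passphrase is the only secret passed to gpg.
  ( umask 077; printf '%s\n' 'constructed-demo-passphrase' > "$work/sym.pass" )
  printf 'constructed sample payload\n' > "$work/in.txt"

  gpg --batch --yes --quiet --pinentry-mode loopback \
      --passphrase-file "$work/sym.pass" \
      --local-user "$uid" --sign \
      --symmetric --cipher-algo AES256 \
      --output "$work/out.gpg" "$work/in.txt" || exit 1

  # Round trip: decrypt with the same passphrase file and require both a good
  # signature status line and byte-identical plaintext.
  status="$(gpg --batch --quiet --pinentry-mode loopback \
      --passphrase-file "$work/sym.pass" --status-fd 1 \
      --output "$work/roundtrip.txt" --decrypt "$work/out.gpg" 2>/dev/null)" || exit 1
  printf '%s\n' "$status" | grep -q '^\[GNUPG:\] GOODSIG ' || exit 1
  cmp -s "$work/in.txt" "$work/roundtrip.txt"
)

if sign_and_encrypt_demo; then
  echo "signed, symmetrically encrypted, and verified with one passphrase"
else
  echo "demo failed (is GnuPG 2.1 or later installed?)" >&2
fi
```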