At https://dev.gnupg.org/T4154 , 'allow setting passphrase from an environment variable', there is a comment of "I don't see why we should add yet more clumsy passphrase workarounds to gpg. We already have PINENTRY_USER_DATA which can fulfill the same task."
Can anyone give an example of doing so? I am looking to effect the equivalent of:

    @rem Get passphrase into (env.) var. programmatically (in your favourite manner)
    set /p myenvpassphrase="Enter symmetric keyphrase to use:"
    echo "Secret data" | gpg.exe -c --envpassphrase myenvpassphrase > secretdata.gpg

- thereby avoiding storing any passphrase (even temporarily) on a storage medium, or having it visible on the command line (via tasklist or ps).
- in this case, the 'secret data' is actually confidential information, piped from elsewhere, on the fly.

Of course, the '--envpassphrase' option doesn't exist in gpg currently, but the comment at the above link indicates that there is another way to effect the same intent. Can anyone give an example of so doing?

A current means of effecting the same is, of course, '--passphrase-fd 3', for something like:

    echo "Secret data" | gpg.exe -c --passphrase-fd 3 3< echo %PASSWORD% > secretdata.gpg

- except I have no idea [in (Win 10) DOS, not powershell, cmd] how to get anything into file descriptor 3.
- let alone get an echo into fd 3 (without actually landing on a filesystem, even temporarily).

Of course:

    echo "Secret data" | gpg.exe -c --passphrase > secretdata.gpg

- doesn't work, as stdin can't be 'in two places at once', both passphrase input, and data input.
- Remember, "Secret data" isn't on disk, either - it's being piped in, too.

Has anyone got a link to a working example of '3<' or 'PINENTRY_USER_DATA which can fulfill the same task' of gpg picking up its passphrase from an environment variable?
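An added example (not part of the original post, and not GnuPG project code): a stand-in pinentry in Python that answers gpg-agent's `GETPIN` request over the Assuan protocol with the value of `PINENTRY_USER_DATA`, which gpg hands through gpg-agent to the pinentry. It assumes the passphrase itself is placed in that variable and that gpg-agent is pointed at the script with its `pinentry-program` option; the function names are hypothetical.

```python
#!/usr/bin/env python3
"""Stand-in pinentry: replies to GETPIN with the value of PINENTRY_USER_DATA."""
import os
import sys


def assuan_escape(value):
    """Percent-escape the characters Assuan reserves inside a D (data) line."""
    return value.replace("%", "%25").replace("\r", "%0D").replace("\n", "%0A")


def handle(line, env):
    """Return (reply lines, keep_going) for one Assuan command line."""
    parts = line.strip().split(" ", 1)
    command = parts[0].upper()
    arg = parts[1].strip() if len(parts) > 1 else ""
    if command == "BYE":
        return ["OK closing connection"], False
    if command == "GETINFO" and arg == "pid":
        return ["D %d" % os.getpid(), "OK"], True
    if command == "GETPIN":
        secret = env.get("PINENTRY_USER_DATA")  # assumption: holds the passphrase
        if not secret:
            # Nothing to hand back: fail like a cancelled dialog instead of
            # returning an empty passphrase.
            return ["ERR 83886179 Operation cancelled <Pinentry>"], True
        return ["D " + assuan_escape(secret), "OK"], True
    # SETDESC, SETPROMPT, OPTION, ... only configure a dialog that is never shown.
    return ["OK"], True


def serve(stdin, stdout, env=os.environ):
    """Speak the server side of the pinentry protocol until BYE or EOF."""
    stdout.write("OK Pleased to meet you\n")
    stdout.flush()
    for line in stdin:
        replies, keep_going = handle(line, env)
        stdout.write("".join(reply + "\n" for reply in replies))
        stdout.flush()
        if not keep_going:
            break


if __name__ == "__main__":
    serve(sys.stdin, sys.stdout)
```

The passphrase never reaches disk or a command line this way, but it does sit in the environment of the session that runs gpg, so set the variable only there and clear it once gpg has finished.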