Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Automatic Decryption using Batch files and Passphrase

Created: 31 May 2012 • Updated: 31 May 2012 | 2 comments
andreas a's picture
This issue has been solved. See solution.

I want to embed a decryption process into a batch file which will call PGP command line in order to decrypt.

The example is the following:

When a files comes to my FTP server I want to run a batch file automatically in order to encrypt the file and store it encrypted.

My problem is that I do not want to store hardcoded my passphrase. Is there any way to avoid this?

Comments 2 CommentsJump to latest comment

dfinkelstein's picture

There are several possible solutions  Hopefully one will meet your needs.

1.  Use the PGP_PASSPHRASE environment variable

2.  Read the passphrase from a file descriptor using the "--passphrase-fd" (or "--passphrase-fd8") option.

3.  Enter the passphrase once yourself, and keep it cached.  The passphrase cache can timeout after a period of time, or stay in effect until you specifically end it (or the system reboots).

4.  Store the private key on PGP Universal (this requires a separate license for PGP Universal).  PGP Command Line authenticates to PGP Universal to utilize the private key.  If you ever worry that the authentication credential (a username/passphrase pair, or a key+passphrase) is compromised you can revoke it and create a new one.

Regards,

--------

David Finkelstein

Symantec R&D

SOLUTION
andreas a's picture

As far as 4 is concerned, In my infrastructure there is no PGP Universal Server. I would like to deploy only PGP Command Line.

Thank you very much for your reply.

Regards,
Andreas