Automatic Decryption using Batch files and Passphrase
Created: 31 May 2012 | Updated: 01 Jun 2012 | 2 comments
This issue has been solved. See solution.
I want to embed a decryption process into a batch file which will call PGP command line in order to decrypt.
The example is the following:
When a file comes to my FTP server I want to run a batch file automatically in order to encrypt the file and store it encrypted.
My problem is that I do not want to store my passphrase hardcoded. Is there any way to avoid this?
There are several possible solutions. Hopefully one will meet your needs.
1. Use the PGP_PASSPHRASE environment variable
2. Read the passphrase from a file descriptor using the "--passphrase-fd" (or "--passphrase-fd8") option.
3. Enter the passphrase once yourself, and keep it cached. The passphrase cache can timeout after a period of time, or stay in effect until you specifically end it (or the system reboots).
4. Store the private key on PGP Universal (this requires a separate license for PGP Universal). PGP Command Line authenticates to PGP Universal to utilize the private key. If you ever worry that the authentication credential (a username/passphrase pair, or a key+passphrase) is compromised you can revoke it and create a new one.
Regards,
--------
David Finkelstein
Symantec R&D
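Option 1 from the reply above (the PGP_PASSPHRASE environment variable), as an added example that is not part of the original thread or of the vendor's documentation: a PowerShell wrapper that a batch file can call, which sets the variable only for the duration of one decryption. Assumptions: the passphrase is kept in a DPAPI-protected file (a choice made for this example), the paths are hypothetical, and `pgp` is on PATH and accepts `--decrypt <file> --output <file>`.

```powershell
# Added example: decrypt one file with PGP Command Line without hardcoding the passphrase.
# The DPAPI-protected secret file and all paths are assumptions made for this example.
param(
    [Parameter(Mandatory)] [string] $InputFile,          # encrypted file to process
    [Parameter(Mandatory)] [string] $OutputFile,         # where the plaintext is written
    [string] $SecretFile = 'C:\pgp\passphrase.dpapi',    # hypothetical path
    [string] $PgpExe     = 'pgp'                         # PGP Command Line binary (assumed on PATH)
)

# One-time setup, run interactively as the account that will run the job:
#   Read-Host 'Passphrase' -AsSecureString | ConvertFrom-SecureString |
#       Set-Content 'C:\pgp\passphrase.dpapi'
# Without -Key, ConvertFrom-SecureString uses Windows DPAPI, so the file can only
# be decrypted by the same user on the same machine.

$ErrorActionPreference = 'Stop'

if (-not (Test-Path -LiteralPath $SecretFile)) {
    throw "Secret file not found: $SecretFile"
}

$secure = Get-Content -LiteralPath $SecretFile | ConvertTo-SecureString
$bstr   = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
try {
    # The variable exists only in this PowerShell process and the pgp child it starts.
    $env:PGP_PASSPHRASE = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)

    & $PgpExe --decrypt $InputFile --output $OutputFile
    if ($LASTEXITCODE -ne 0) {
        throw "pgp exited with code $LASTEXITCODE"
    }
}
finally {
    # Remove the passphrase from the environment and wipe the unmanaged copy,
    # whether or not decryption succeeded.
    Remove-Item Env:\PGP_PASSPHRASE -ErrorAction SilentlyContinue
    [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
}
```

While pgp runs, the passphrase sits in that process's environment and is readable by other code running as the same account, so run the job under a dedicated account and restrict the ACL on the secret file to it.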
As far as 4 is concerned, in my infrastructure there is no PGP Universal Server. I would like to deploy only PGP Command Line.
Thank you very much for your reply.
Regards,
Andreas