PGP Command Line and Java Application?
We are using PGP Command line for file encryption and the creation of Self-Decrypting archive files for email attachments.
However we want to also deploy some file level encryption to a batch process. The process is:
1) A file arrives on an SFTP Server.
2) The file is encrypted using PGP and a public key.
3) The encrypted file is sent to an Application server.
4) A Java process detects the file, decrypts it and processes the content.
The issue I have is what is the best way to achieve the decryption? Obviously this will require a private key and a passphrase but with the command line software these would be provided on the command line and that can theoretically be snooped by root administrators and will appear in the shell history.
I have seen some examples that use Runtime.getRuntime().exec to run the command required and these examples used --passphrase-fd 0 to somehow magically give the command the passphrase required. The command line user guide seems a little vague on how that operates?
An alternative solution I have considered uses the Sun JCE libraries to create a suitable cipher object with a key and a file can then be read as a CipherInputStream and processed on the fly without having to actually decrypt the file. Is there any way to achieve this with the command line tool or would I have to use the PGP SDK API for that?
If I did use the SDK for this requirement can the SDK also be used for the SDA creation?
The licensing terms seem a little confusing for the SDK so is it already included in the command line software or not? if so is there actually a separate license or cost to using this?