On Wed, Jun 23, 2004 at 09:50:42AM +0100, Rui Miguel Seabra wrote: > On Tue, 2004-06-22 at 23:40 +0100, Luciano Miguel Ferreira Rocha wrote: > > gpg --passphrase-fd=0 ... <<EOF > > my passphrase > > EOF > > ? > > > > Or why not just remove the passphrase all together? Sure, the private key > > would end up unprotected, but having the passphrase on a script doesn't > > give that much protection either. > > Because that would unprotect the key. Key with passphrase stored in a script isn't that much protected, either. > However, restricting access both to the script or to the file containing > the password is important AND POSSIBLE TO DO (at least partially) with > SELinux. If access to the file containing the password is possible to restrict, then access to the key is also possible to restrict, in the same, and as secure, way. Regards, Luciano Rocha -- Consciousness: that annoying time between naps.
