From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.user/2657 Path: news.gmane.org!not-for-mail From: Simon Josefsson Newsgroups: gmane.emacs.gnus.user Subject: Re: S/MIME and encrypted certificates Date: Sun, 22 Jun 2003 13:40:59 +0200 Message-ID: References: <87d6h7bf7c.fsf@gvdnet.dk> <873ci39h2w.fsf@gvdnet.dk> <87y8zu94o0.fsf@gvdnet.dk> NNTP-Posting-Host: main.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Trace: sea.gmane.org 1138669009 15914 80.91.229.2 (31 Jan 2006 00:56:49 GMT) X-Complaints-To: usenet@sea.gmane.org NNTP-Posting-Date: Tue, 31 Jan 2006 00:56:49 +0000 (UTC) Original-X-From: nobody Tue Jan 17 17:31:01 2006 Original-Path: quimby.gnus.org!not-for-mail Original-Newsgroups: gnu.emacs.gnus Original-NNTP-Posting-Host: fnatte.nada.kth.se Original-X-Trace: quimby.gnus.org 1056282206 16618 130.237.226.103 (22 Jun 2003 11:43:26 GMT) Original-X-Complaints-To: usenet@quimby.gnus.org Original-NNTP-Posting-Date: 22 Jun 2003 11:43:26 GMT User-Agent: Gnus/5.1003 (Gnus v5.10.3) Emacs/21.3.50 (gnu/linux) Cancel-Lock: sha1:jf4pNgF83/JZmKetoD9I/Qr5tkQ= Original-Xref: bridgekeeper.physik.uni-ulm.de gnus-emacs-gnus:2797 Original-Lines: 16 X-Gnus-Article-Number: 2797 Tue Jan 17 17:31:01 2006 Xref: news.gmane.org gmane.emacs.gnus.user:2657 Archived-At: Martin Christensen writes: >>>>>> "Ben" == Ben Elliston writes: > Ben> Using a command line argument is even worse, as other users can > Ben> spot your openssl processes in the process table and will then > Ben> know your passphrase. > > Doh! I was under the impression that this was how it was typically > done with GnuPG, but apparently not. At least PGG reads the passphrase > from standard input, while the matter to be (en|de)crypted, signed or > verified is treated via a file, which I initially thought would be > taken from stdin. Something similar seems to be possible for > OpenSSL. That, however, can wait for tomorrow. Reading the password from a file descriptor is probably the best solution, yes, and OpenSSL support it via -passin fd:42.