McAfee MEJCAE-AM-DA Product Guide - Page 75
PASSPHRASE-FD, CONVENTIONAL-PASSPHRASE-FD, PIN-FD, CHALLENGE-FD, Storing your passphrase with PGPPASS
Advanced Topics
Alternative ways to work with passphrases

PASSPHRASE-FD

Set the PASSPHRASE-FD parameter in the E-Business Server configuration file, or use the --passphrase-fd option on the command line to supply E-Business Server with the file descriptor number to which the passphrase will be passed. This is most useful when writing scripts. For example:

    ebs --encrypt --passphrase-fd 4 --user joe foo.txt 4< mypassphrase.txt

This instructs the bash shell to get your PGP passphrase for the encryption operation from the file mypassphrase.txt using file-handle number 4 and tells E-Business Server to find it at that location.

CONVENTIONAL-PASSPHRASE-FD

If you need to supply your E-Business Server passphrase, as well as a conventional passphrase, then set the CONVENTIONAL-PASSPHRASE-FD parameter in the E-Business Server configuration file, or use the --conventional-passphrase-fd option on the command line to supply E-Business Server with the file descriptor number to which the conventional passphrase will be passed. This is most useful when writing scripts.

    ebs --encrypt --conventional --sign --passphrase-fd --conventional-passphrase-fd

PIN-FD

Use the PIN-FD option to specify a file descriptor for supplying E-Business Server with a smartcard PIN number. For example, if you want to sign a file with a key that resides on a smartcard, you would use the following syntax:

    ebs --sign --pin-fd

CHALLENGE-FD

Use the CHALLENGE-FD option to specify a file descriptor for supplying the challenge passphrase used by Verisign for its certificate revocation process. This can also be set with --cert-attribute Challenge="...". However, specifying the Challenge attribute on the shell command line could reveal the challenge passphrase to other users on the system. The --challenge-fd option provides a more secure method of delivering the passphrase to E-Business Server. For shell scripts, use the redirection syntax described under PASSPHRASE-FD.
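The redirection pattern from PASSPHRASE-FD, combined with a permission check on the passphrase file so that the secret stays out of both the command line and other users' reach. This is an added example, not part of the product guide. ebs is not run here: fake_tool is a hypothetical stand-in that accepts --passphrase-fd N, and the other function names are assumptions as well.

```sh
# Added example, not from the product guide. fake_tool is a hypothetical
# stand-in for a program that takes --passphrase-fd N; ebs is not executed.

# Stand-in consumer: reads one line from descriptor N, prints only its length.
fake_tool() (
    fd=
    while [ $# -gt 0 ]; do
        case "$1" in
            --passphrase-fd) fd=$2; shift 2 ;;
            *) shift ;;
        esac
    done
    [ -n "$fd" ] || exit 2
    IFS= read -r secret <&"$fd" || [ -n "$secret" ] || exit 1
    printf '%s\n' "${#secret}"
)

# Accept only a regular file (not a symlink) whose group and other
# permission bits are all clear, i.e. owner-only access.
passfile_ok() (
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] || exit 1
    mode=$(ls -ld -- "$f") || exit 1
    case "$mode" in
        ????------*) exit 0 ;;   # type + owner bits, then six dashes
        *) exit 1 ;;
    esac
)

# Run "$@" with the passphrase file open on descriptor 4. The command's
# arguments carry only the number 4, never the passphrase itself.
run_with_passphrase_fd() {
    pf=$1; shift
    if ! passfile_ok "$pf"; then
        echo "refusing $pf: need a regular file with owner-only permissions" >&2
        return 1
    fi
    "$@" 4< "$pf"
}

# Usage with the guide's own command line:
#   run_with_passphrase_fd mypassphrase.txt \
#       ebs --encrypt --passphrase-fd 4 --user joe foo.txt
```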
Storing your passphrase with PGPPASS

Caution: You should not use this feature if working on a shared system. The passphrase may be visible to others.

When E-Business Server needs a passphrase to unlock a secret key, E-Business Server prompts you to enter your passphrase. Use the PGPPASS environment variable to store your passphrase. When E-Business Server requires a passphrase, it attempts to use the stored passphrase. If the stored passphrase is incorrect, E-Business Server recovers by prompting you for the correct passphrase.

    SET PGPPASS=

The following is an example of how you might set this variable in the environment.

    SET PGPPASS="zaphod beeblebrox for president"

The above example would eliminate the prompt for the passphrase if the passphrase was "zaphod beeblebrox for president".

This feature is convenient if you regularly receive a large number of incoming messages addressed to your secret key, eliminating the need for you to repeatedly type in your passphrase.

The recommended way to use this feature is to enter the command each time you boot your system, and erase it or turn off your computer when you are done.

E-Business Server™ 8.6 Product Guide