On 12/10/2010 02:05 AM, John Doe wrote: > What about: '--passphrase-file file' ? If you're going to put the key and its passphrase file on the same host, you might as well not encrypt the key at all. You're better off encrypting the filesystem that contains the key. If you decide to use a passphrase file anyway, at least put it on a tmpfs so that you have to recreate it every time you reboot.