sreilly15
asked on
Using gnupg without passphrase on Linux
I need to be able to decrypt files using a shell script so need to do it without having to enter the passphrase. I am using a Linux box and have tried the following variations but I get a "-bash: !: event not found" error. This is the first time I've used gnupg so any help would be appreciated.
gpg --yes --passphrase <mypassphrase> sw_test.txt.gpg
gpg --passphrase <mypassphrase> --decrypt sw_test.txt.gpg
gpg --yes --passphrase=<mypassphrase > -c sw_test.txt.pgp
echo <mypassphrase>|gpg --output sw_test.txt --batch --passphrase-fd 0 --sw_test.txt.pgp
Thanks
gpg --yes --passphrase <mypassphrase> sw_test.txt.gpg
gpg --passphrase <mypassphrase> --decrypt sw_test.txt.gpg
gpg --yes --passphrase=<mypassphrase
echo <mypassphrase>|gpg --output sw_test.txt --batch --passphrase-fd 0 --sw_test.txt.pgp
Thanks
ASKER
Thanks for the quick response. If I put single quotes around the passphrase it comes up saying Reading passphrase from file descriptor 0 ...
but then just hangs, if I hit enter again it comes up with:
gpg: public key decryption failed: bad passphrase
gpg: decryption failed: secret key not available
but I am able to descrypt with this passphrase if entered separately
The ! is the first character of the passphrase and if I enter it as \passphrase I get the following:
-bash: syntax error near unexpected token `('
Any ideas?
but then just hangs, if I hit enter again it comes up with:
gpg: public key decryption failed: bad passphrase
gpg: decryption failed: secret key not available
but I am able to descrypt with this passphrase if entered separately
The ! is the first character of the passphrase and if I enter it as \passphrase I get the following:
-bash: syntax error near unexpected token `('
Any ideas?
You can disable the history expansion ( the "!" is the history expansion character) by entering
histchars=
Try it, and if successful you could add this statement to your .profile or .bashrc.
By the way, the histchars are not expanded inside a script, so if you don't try the command from the command line but from a script it should work.
wmp
histchars=
Try it, and if successful you could add this statement to your .profile or .bashrc.
By the way, the histchars are not expanded inside a script, so if you don't try the command from the command line but from a script it should work.
wmp
ASKER
I entered histchars= and then tried again without the ! at the beginning of the passphrase and got the following. I wasn't sure if I should still have the ! in the passphrase so I tried putting it back in and got the same thing.
-bash: syntax error near unexpected token `('
The 2nd character of the passphrase is (, can this be causing the problem?
When you say it should work in a script should I include the ! in the passphrase or not?
Thanks,
Stephanie
-bash: syntax error near unexpected token `('
The 2nd character of the passphrase is (, can this be causing the problem?
When you say it should work in a script should I include the ! in the passphrase or not?
Thanks,
Stephanie
If the "!" is part of the passphrase you must of course include it. How else should the passphrase work?
And, as I wrote: The "!" will do no harm inside a script.
And, as I wrote: The "!" will do no harm inside a script.
ASKER
I was questioning this just because it still doesn't work. I have tried it from the command line after doing histchars= and I get: -bash: syntax error near unexpected token `('
and from a shell script entered as: gpg --passphrase <mypassphrase> --decrypt sw_test.txt.gpg I get the original error again.
and from a shell script entered as: gpg --passphrase <mypassphrase> --decrypt sw_test.txt.gpg I get the original error again.
ASKER
Can anyone please help me with any other suggestions? this is getting quite urgent.
Thanks,
Stephanie
Thanks,
Stephanie
Put your passphrase into a file and use --passphrase-file
Take care to make the file readable only by the owner (chmod 600 ...), so the owner of the script and the owner of the passphrase file should be the same.
Take care to make the file readable only by the owner (chmod 600 ...), so the owner of the script and the owner of the passphrase file should be the same.
ASKER
Can you please tell me the correct syntax for doing this, as I said this is the first time I'm using this. I had tried to do this previously using --passphrase-file but with no luck, maybe just wrong syntax though. I have my passphrase in a file named pphrase.txt and the file I am trying to decrypt is sw_test.txt.gpg.
Thanks for your help.
Thanks for your help.
gpg --passphrase-file pphrase.txt --decrypt sw_test.txt.gpg --output sw_test.txt
The passphrase must appear in the first line of pphrase.txt
The passphrase must appear in the first line of pphrase.txt
ASKER
I believe this is how I had previously tried to do this and I got the following error:
[visapult@odba1 new]$ gpg --passphrase-file pphrase.txt --decrypt sw_test.txt.gpg --output sw_test.txt
gpg: Invalid option "--passphrase-file"
Here is my file and permissions:
-rw------- 1 visapult users 16 Apr 5 11:46 pphrase.txt
[visapult@odba1 new]$ gpg --passphrase-file pphrase.txt --decrypt sw_test.txt.gpg --output sw_test.txt
gpg: Invalid option "--passphrase-file"
Here is my file and permissions:
-rw------- 1 visapult users 16 Apr 5 11:46 pphrase.txt
Check "gpg --help"
What is your gpg version?
What is your gpg version?
ASKER
version is gpg (GnuPG) 1.2.6
ASKER
I don't see anything in the gpg --help to help me with the passphrase option.
Seems that you have --passphrase-fd ?
gpg --help | grep passphrase-fd
If it's there try
gpg --passphrase-fd 0 --decrypt sw_test.txt.gpg --output sw_test.txt < pphrase.txt
gpg --help | grep passphrase-fd
If it's there try
gpg --passphrase-fd 0 --decrypt sw_test.txt.gpg --output sw_test.txt < pphrase.txt
ASKER
gpg --help | grep passphrase-fd gives me nothing so I changed it to grep just for passphrase and got:
--s2k-mode N use passphrase mode N
--s2k-digest-algo NAME use message digest algorithm NAME for passphrases
--s2k-cipher-algo NAME use cipher algorithm NAME for passphrases
I do see passphrase-fd in the man page so I tried running the command you gave above but got the following:
Reading passphrase from file descriptor 0
usage: gpg [options] --decrypt [filename]
--s2k-mode N use passphrase mode N
--s2k-digest-algo NAME use message digest algorithm NAME for passphrases
--s2k-cipher-algo NAME use cipher algorithm NAME for passphrases
I do see passphrase-fd in the man page so I tried running the command you gave above but got the following:
Reading passphrase from file descriptor 0
usage: gpg [options] --decrypt [filename]
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
This solution works exactly how I need it to without entering a passphrase to decrypt a file.
Try to surround the passphrase with single quotes or escape the exclamation point using a backslash: \!
wmp