GnuPG (gpg command)
I've been blessed with the task of writing functions that will be used to encrypt / decrypt data files using the GnuPG (gpg command) software on our Solaris 9. This was just installed last Friday and I've got no documentation other than what I've found on the web.

I was successful in writing and testing the encrypt_file function. Piece of cake. The problem I have is with the decrypt_file function trying to get the gpg command to allow me to pass the 'passphrase' as a variable. I can run the command (without a script), it prompts me for the passphrase, I type it and it works. I'm confused about the --command-fd and --passphrase-fd options. I've tried with each separately and each alone and still get an error saying 'bad passphrase'. Has anyone else tried this? What have I got wrong? My current script and its output follows.

    #! /bin/ksh
    #------------------
    function decrypt_file {
    # This function uses the GnuPG (gpg command) to decrypt files
    # $1.gpg will be the input file and the output will be called $1.
    # The gpg command resides in /usr/local/bin

    #Setup
    B=/bin
    U=/usr/local/bin   # this is where the gpg executable is

    # Check if the input file exists
    if [[ ! -f $1.gpg ]]
    then
      echo "-*- Error - $1.gpg not found"
      return 1
    fi

    # Delete the output file (if one exists)
    $B/rm -f $1

    # Let's decrypt the file
    PP=`echo 'this is my test passphrase'`   # this and the next line will be
    echo "Pp=$PP"                            # replaced by an environment variable
    echo $PP| $U/gpg --command-fd 0 --passphrase-fd 0 \
      --decrypt-files "$1.gpg" << !end \
      > /tmp/$$data
    !end
    stat=$?
    if [[ $stat != 0 ]]
    then
      echo "-*- Error - decrypt (gpg) failed"
      return 1
    fi

    $B/grep -i "ERROR" /tmp/$$data > /dev/null
    stat=$?
    if [[ $stat != 1 ]]
    then
      echo "-*- Decrypt failed"
      cat /tmp/$$data
      return 1
    fi

    # Looks like we're good to go
    echo "--- File $1.gpg successfully de-encrypted as $1"

    # Remove the input-file (the point of the whole process) and /tmp files
    $B/rm -f $1.gpg
    $B/rm -f /tmp/$$*
    return 0
    } # end decrypt_file
    #------------------

Here's what I get when I run it:

    $: decrypt_file test-file.txt
    Pp=this is my test passphrase
    gpg: WARNING: using insecure memory!
    gpg: please see http://www.gnupg.org/faq.html for more information
    Reading passphrase from file descriptor 0

    You need a passphrase to unlock the secret key for
    user: "test name (test comment) <testemail@pni.com>"
    1024-bit ELG-E key, ID 84D710AC, created 2006-01-13 (main key ID F423056A)

    gpg: encrypted with 1024-bit ELG-E key, ID 84D710AC, created 2006-01-13
          "test name (test comment) <testemail@pni.com>"
    gpg: public key decryption failed: bad passphrase
    gpg: decryption failed: secret key not available
    -*- Error - decrypt (gpg) failed
    $:

Thanks, in advance, for any help you can give me.
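
The file-descriptor plumbing behind the command in the post, as an added example that is not part of the original post: the pipe and the here-document both redirect fd 0, and the here-document is applied last. `reader` is a hypothetical stand-in for a program started with `--passphrase-fd N` (no gpg is needed to run this), and all sample values are constructed.

```shell
#!/bin/sh
PP='constructed test passphrase'    # constructed sample value

# Hypothetical stand-in for a program given --passphrase-fd N: reports the
# first line found on descriptor N, then the first line left on stdin.
reader() {
    pass= data=
    IFS= read -r pass <&"$1" || :   # passphrase: first line of fd N
    IFS= read -r data || :          # payload: whatever stdin still holds
    printf 'pass=[%s] data=[%s]' "$pass" "$data"
}

# Shape used in the post: the pipe and an empty here-document both target
# fd 0. The here-document replaces the pipe, so the reader sees an empty
# stdin and the piped passphrase is never read.
broken_shape() {
    printf '%s\n' "$PP" | reader 0 <<EOF
EOF
}

# Same command without the here-document: fd 0 is the pipe again.
pipe_only_shape() {
    printf '%s\n' "$PP" | reader 0
}

# Dedicated descriptor: "3<&0" copies the pipe to fd 3 BEFORE the
# here-document takes over fd 0 (redirections apply left to right), so the
# passphrase and the payload arrive on separate descriptors.
dedicated_fd_shape() {
    printf '%s\n' "$PP" | reader 3 3<&0 <<EOF
constructed ciphertext line
EOF
}

for shape in broken_shape pipe_only_shape dedicated_fd_shape; do
    printf '%-20s %s\n' "$shape" "$($shape)"
done
```

With gpg, the third shape corresponds to `--passphrase-fd 3`: the passphrase stays out of the argument list and stdin remains free for data.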