Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: how to give PASSPHRASE to gpg in command line?
Top Forums UNIX for Dummies Questions & Answers how to give PASSPHRASE to gpg in command line? Post 302297801 by nsharath on Sunday 15th of March 2009 04:40:30 PM
Old 03-15-2009
Bug how to give PASSPHRASE to gpg in command line?
Hello sir,
I am using "gpg" command to encrypt a file.

We generally do it :-
Quote:
gpg -c --cipher-algo aes256 secret.txt
then it asks us for :-
Quote:
Enter Passphrase:
I want to know how to give this Passphrase in the command line itself !!!I did read the man page but couldnt make out what is the option for it.Can u please help me out !!!
 

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

GnuPG (gpg command)

I've been blessed with the task of writing functions that will be used to encrypt / decrypt data files using the Gnupg (gpg command) software on our Solaris 9. This was just installed last friday and I've got no documentation other than what I've found on the web. I was successful in writing... (4 Replies)
Discussion started by: BCarlson
4 Replies

2. AIX

command to give me Database

Which is command I could used, to give me the kind of database ,size of database and version of database ? (4 Replies)
Discussion started by: magasem
4 Replies

3. Shell Programming and Scripting

want to specific line which i will give through variable

Hi, I have a file on unix which contains -------------------------------------- 1 # Do not remove the following line, or various programs 2 # that require network functionality will fail. 3 127.0.0.1 romhelp3 localhost.localdomain localhost 4 ... (2 Replies)
Discussion started by: srikanthus2002
2 Replies

4. Shell Programming and Scripting

if i give this command what would be the value...

if i give dir=/tmp/${0##*/} what would b the value stored in dir ..i'm more concerned about the 0##*/ part.. (1 Reply)
Discussion started by: suri
1 Replies

5. UNIX for Dummies Questions & Answers

Give the command names

Hiii, I have a requiremnt like this---- Please provide the current sever capacity and the % of utilization for each of the servers used by your respective applications. Also please provide the list of applications running on each of the unix server can you please help me out in this. (2 Replies)
Discussion started by: namishtiwari
2 Replies

6. Shell Programming and Scripting

Needing to wait for a line on screen and then give input repeatedly

So I have a weird question for my unix shell script. I wrote a shell script that does several things, but one of the things it does is call an executable. The executable then proceeds to start asking me questions, which it won't proceed until an input is entered. The answer to the questions is... (4 Replies)
Discussion started by: HelpMeProgram
4 Replies

7. Shell Programming and Scripting

Script .ksh to decrypt .gpg(passphrase)

Hi all, i have to make a script in shell unix that decrypt a file .gpg ang through out in the same directory the decypted file. Well, the problem is to put in the shell the passphrase. Here the specifications: File .gpg: bella.zip.gpg File output: bella_decr.zip passphrase: bella_zio ... (4 Replies)
Discussion started by: zangarules
4 Replies

8. UNIX for Dummies Questions & Answers

What will echo $$ command give

Hi I tried giving the following command echo $$a I got an output like 32178a Can some one please explain why echo $$ is returning 32178 Thanks in advance (6 Replies)
Discussion started by: Sri3001
6 Replies

9. UNIX for Dummies Questions & Answers

Give name for every nth line

Hi all, Greetings. I am facing some troubles and hope that the professionals here could help me. I am handling a large dataset, and part of it is like below: 1 ab139 0 752566 G A 1 ab151 0 846808 T C 1 ab142 0 854250 G A 1 ab061 0 861808 A G 1 ab043 0 873558 T G... (4 Replies)
Discussion started by: Amanda Low
4 Replies

10. UNIX for Beginners Questions & Answers

How do I give permission for the kill command?

<?php $comando = "kill -9 3104"; $output = shell_exec($comando); ?> I am running this web page, but it does not execute the command, in the log file it looks like this: sh: 1: kill: Operation not permitted How do I give permission to execute the command? (1 Reply)
Discussion started by: Rodrigo_Bueno
1 Replies

LEARN ABOUT DEBIAN

gpgwrap

gpgwrap(1)						      General Commands Manual							gpgwrap(1)

NAME

       gpgwrap - a small wrapper for gpg

SYNOPSIS

       gpgwrap -V

       gpgwrap -P [-v] [-i] [-a] [-p <file>]

       gpgwrap -F [-v] [-i] [-a] [-c] [-p <file>] [-o <name>] [--] <file> [<file> ... ]

       gpgwrap [-v] [-i] [-a] [-p <file>] [-o <name>] [--] gpg [gpg options]

DESCRIPTION

       The  GNU Privacy Guard (gpg) supplies the option --passphrase-fd. This instructs gpg to read the passphrase from the given file descriptor.
       Usually this file descriptor is opened before gpg is executed via execvp(3). Exactly that is what gpgwrap is doing. The passphrase  may	be
       passed to gpgwrap in 4 ways:

	      * as file path, whereat the passphrase is stored as plain text in the file

	      * it is piped from another program to the stdin of gpgwrap

	      * through the GPGWRAP_PASSPHRASE environment variable

	      * gpgwrap prompts for it

       With  no precautions the first point undermines the secure infrastructure gpg provides. But in pure batch oriented environments this may be
       what you want. Otherwise if you are willing to enter passphrases once and don't want them to be stored as plain text in a file gpg-agent is
       what  you  are  looking	for. Another security objection could be the use of the environment variable GPGWRAP_PASSPHRASE which contains the
       passphrase and may be read by other processes of the same user.

OPTIONS

       -V, --version
	       Print out version and exit.

       -P, --print
	       Get the passphrase and print it mangled to stdout.

       -F, --file
	       Read gpg commands from the given files. If <file> is - it is read from stdin. Exactly one command per line is expected.	The  given
	       line is handled in the following way:

	       * In  the  first  place the passphrase is mangled. This means that unusual characters are replaced by their backslash escaped octal
		 numbers.

	       * Secondly the mangled passphrase is stored in the environment variable GPGWRAP_PASSPHRASE.

	       * "exec gpgwrap -- " is prepended to each line, before the result is passed as argument to "sh -c".

       -h, --help
	       Print out usage information.

       -v, --verbose
	       Increase verbosity level.

       -i, --interactive
	       Always prompt for passphrase (ignores -p and the environment variable).

       -a, --ask-twice
	       Ask twice if prompting for a passphrase.

       -c, --check-exit-code
	       While reading gpg commands from a file, gpgwrap ignores per default the exit code of its child processes. This option  enables  the
	       check  of  the exit code. If a child terminates abnormal or with an exit code not equal 0 gpgwrap stops immediately and does return
	       with this exit code. See also section BUGS.

       -p <file>, --passphrase-file <file>
	       Read passphrase from <file>. If <file> is - it is read from stdin. The passphrase is expected to be in plain text. If  this  option
	       is  not	given  the  passphrase will be taken either from the environment variable GPGWRAP_PASSPHRASE or it will be prompted on the
	       controlling tty if the environment variable is not set.

       -o <name>, --option-name <name>
	       Specify the name of the "--passphrase-fd" option understood by the program to be executed. This is useful if you want to  use  gpg-
	       wrap in combination with other programs than gpg.

LIMITATIONS

       The given passphrase is subject to several limitations depending on the way it was passed to gpgwrap:

	      * There is a size limitation: the passphrase should be not larger than some kilobytes (examine the source code for the exact limit).

	      * gpgwrap allows you to use all characters in a passphrase even 00, but this does not mean that gpg will accept it. gpg may reject
		your passphrase or may only read a part of it, if it contains characters like 12 (in C also known as 
).

	      * If you set the environment variable GPGWRAP_PASSPHRASE you should take special care with the backslash character, because  gpgwrap
		uses backslash to escape octal numbers, (see option -F). Therefore write backslash itself as octal number: 134.

EXAMPLES

       1.
	       gpgwrap -p /path/to/a/secret/file  
	       gpg -c -z 0 --batch --no-tty  
		   --cipher-algo blowfish < infile > outfile

	       Read passphrase from /path/to/a/secret/file and execute gpg to do symmetric encryption of infile and write it to outfile.

       2.
	       gpgwrap -i -a  
	       gpg -c -z 0 --batch --no-tty  
		   --cipher-algo blowfish < infile > outfile

	       Same as above except that gpgwrap prompts twice for the passphrase.

       3.
	       gpgwrap -F -i - <<EOL
	       gpg --decrypt --batch --no-tty < "$HOME/infile1" > "$HOME/outfile1"
	       gpg --decrypt --batch --no-tty < "$HOME/infile2" > "$HOME/outfile2"
	       gpg --decrypt --batch --no-tty < "$HOME/infile3" > "$HOME/outfile3"
	       gpg --decrypt --batch --no-tty < "$HOME/infile4" > "$HOME/outfile4"
	       EOL

	       gpgwrap prompts for the passphrase and executes four instances of gpg to decrypt the given files.

       4.
	       GPGWRAP_PASSPHRASE="mysecretpassphrase"
	       export GPGWRAP_PASSPHRASE
	       gpgwrap -F -c -v /tmp/cmdfile1 - /tmp/cmdfile2 <<EOL
	       gpg --decrypt --batch --no-tty < "$HOME/infile1" > "$HOME/outfile1"
	       gpg --decrypt --batch --no-tty < "$HOME/infile2" > "$HOME/outfile2"
	       gpg --decrypt --batch --no-tty < "$HOME/infile3" > "$HOME/outfile3"
	       gpg --decrypt --batch --no-tty < "$HOME/infile4" > "$HOME/outfile4"
	       EOL

	       Same  as  above	except that gpgwrap gets the passphrase via the environment variable, reads commands additionally from other files
	       and checks the exit code of every gpg instance. This means if one gpg command has a non zero exit code,	no  further  commands  are
	       executed. Furthermore gpgwrap produces verbose output.

       5.
	       GPGWRAP_PASSPHRASE="$(gpgwrap -P -i -a)"
	       export GPGWRAP_PASSPHRASE

	       find . -maxdepth 1 -type f |
	       while read FILE; do
		   FILE2="$FILE.bz2.gpg"
		   bzip2 -c "$FILE" |
		   gpgwrap gpg -c -z 0 --batch --no-tty  
		       --cipher-algo blowfish > "$FILE2" &&
		   touch -r "$FILE" "$FILE2" &&
		   rm -f "$FILE"
	       done

	       Read in passphrase, compress all files in the current directory, encrypt them and keep date from original file.

       6.
	       find . -maxdepth 1 -type f -name '*.bz2.gpg' |
	       awk '{
		   printf("gpg --decrypt --batch --no-tty --quiet ");
		   printf("--no-secmem-warning < %s
", $0);
		   }' |
	       gpgwrap -F -i -c - |
	       bzip2 -d -c - |
	       grep -i 'data'

	       Decrypt	all *.bz2.gpg files in the current directory, decompress them and print out all occurances of data. If you pipe the result
	       to less you get into trouble because gpgwrap and less try to read from the TTY at the same time. In such a case it is better to use
	       the environment variable to give the passphrase (the example above shows how to do this).

       7.
	       GPGWRAP_PASSPHRASE="$(gpgwrap -P -i -a)"
	       export GPGWRAP_PASSPHRASE

	       gpgwrap -P |
	       ssh -C -x -P -l user host "
		   GPGWRAP_PASSPHRASE="$(cat)"
		   ...
		   "

	       Prompt for a passphrase twice and write it to the GPGWRAP_PASSPHRASE environment variable.

       8.
	       echo -n "Passphrase: "
	       stty -echo
	       read GPGWRAP_PASSPHRASE
	       echo
	       stty echo
	       export GPGWRAP_PASSPHRASE

	       Another	way  to  prompt manually for the passphrase. It was needed in combination with older versions of gpgwrap, because they did
	       not upport -P. Be aware that with this method no automatic conversion to backslash escaped octal numbers takes place.

       9.
	       echo "mysecretpassphrase" |
	       gpg --batch --no-tty --passphrase-fd 0  
		   --output outfile --decrypt infile

	       Cheap method to give passphrase to gpg without gpgwrap. Note that you can't use stdin to pass a	file  to  gpg,	because  stdin	is
	       already used for the passphrase.

       10.
	       gpg --batch --no-tty  
		   --passphrase-fd 3 3< /path/to/a/secret/file	
		   < infile > outfile

	       This  is a more advanced method to give the passphrase, it is equivalent to Option -p of gpgwrap. This example should at least work
	       with the bash.

       11.
	       gpg --batch --no-tty --passphrase-fd 3  
		   3< <(echo "mysecretpassphrase")  
		   < infile > outfile

	       Like above, but the passphrase is given directly. This example should at least work with the bash.

BUGS

       In version 0.02 of gpgwrap the exit code of gpg was only returned if gpgwrap read the passphrase from a file. Since version 0.03,  only	-F
       omits exit code checking by default, but it can be enabled with -c.

SEE ALSO

       gpg, gpg-agent

AUTHOR

       Karsten Scheibler

								   gpgwrap 0.04 							gpgwrap(1)
All times are GMT -4. The time now is 11:38 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy