|
|
Sponsored Content
Top Forums
Shell Programming and Scripting
Script .ksh to decrypt .gpg(passphrase)
Post 302507946 by zangarules on Friday 25th of March 2011 08:05:03 AM
03-25-2011
|
|
10 More Discussions You Might Find Interesting
1. Shell Programming and Scripting
Dear Experts,
I am using one script name :volume.sh and its written in bash shell script.
I just want to encrypt the script so that any one else cannot see it.
please tell me the commands how to encrypt the script as well as to decrypt it.
Regards,
SHARY (9 Replies)
Discussion started by: shary
9 Replies
2. UNIX for Dummies Questions & Answers
can i use key with passphrase on a script/batch process?
i am not sure how to pass the pasphrase in the script. i'd like to automate
secure file transfer. thanks in advance (0 Replies)
Discussion started by: NoelSacay
0 Replies
3. UNIX for Dummies Questions & Answers
Hello sir,
I am using "gpg" command to encrypt a file.
We generally do it :-
then it asks us for :-
I want to know how to give this Passphrase in the command line itself !!!I did read the man page but couldnt make out what is the option for it.Can u please help me out !!! (2 Replies)
Discussion started by: nsharath
2 Replies
4. UNIX for Advanced & Expert Users
Hi,
I'm trying to decrypt a gpg file thorugh a shell script. But i' could'nt. My script is ,
-sh-3.1$ cat test_gpg.sh
#!/bin/ksh
echo " Hello, iam testing GPG"
gpg prabhu.txt.gpg <<EOF
prompt prabhu
EOF
exit 0
The file i'm trying to decrypt is prabhu.txt.gpg and my passphrase is... (1 Reply)
Discussion started by: apsprabhu
1 Replies
5. Shell Programming and Scripting
Hi,
I have a requirement to encrypt a file using gpg with a public key. However when i encrypt a file, i get a question like 'Do you want to go ahead with unverified user?' . when i press 'y' file is encrypted.
I am not able to automate this job because of this interactive mode. Could... (3 Replies)
Discussion started by: Deepakbabu
3 Replies
6. Shell Programming and Scripting
I need to decrypt a file in a directory, I need to write a shl scrip & cron job
How I find the files in the directory:
the file is like this:
dailypayments_sfs_payment_201011151800.dat -d
The decrypt command:
gpg -o dailypayments_sfs_payment_201011151800.dat -d
20101115 (the date... (7 Replies)
Discussion started by: rechever
7 Replies
7. Shell Programming and Scripting
Hi
Please see if you have come across any aprts of this. I can read, integrate and syntehsixe. Any help you could offer me would be super. thanks in advance!
Good day.
Thank you for your response in this matter. Here are some further details:
1) scripting is to be in BASH... (1 Reply)
Discussion started by: cdc01
1 Replies
8. Shell Programming and Scripting
Hi All,
very good morning all.
I am trying to connect to informatica repository by using shell script.
I have written pmrep connect command in the script file. But i need to provide repository, domain ,username and password to connect. Username and password are hard coded in the script... (8 Replies)
Discussion started by: SekhaReddy
8 Replies
9. Shell Programming and Scripting
Hello,
I have the following UNIX shell script which connects to the teradata database and executes the SQL Queries. For this, I am passing database name, username and password. I don't want to reveal my password to anyone. So, is there any way that I can encrypt my password and read the... (2 Replies)
Discussion started by: ronitreddy
2 Replies
10. Shell Programming and Scripting
I would like to write a bash shell script which will connect to remote server using passphrase. (I have public-private infrastructure created, and as per instruction, I must not use password less ssh).
This particular script will be fired from cron.
Can you please advice how I can supply the... (2 Replies)
Discussion started by: atanubanerji
2 Replies
LEARN ABOUT DEBIAN
gpgwrap
gpgwrap(1) General Commands Manual gpgwrap(1) NAME
gpgwrap - a small wrapper for gpg SYNOPSIS
gpgwrap -V gpgwrap -P [-v] [-i] [-a] [-p <file>] gpgwrap -F [-v] [-i] [-a] [-c] [-p <file>] [-o <name>] [--] <file> [<file> ... ] gpgwrap [-v] [-i] [-a] [-p <file>] [-o <name>] [--] gpg [gpg options] DESCRIPTION
The GNU Privacy Guard (gpg) supplies the option --passphrase-fd. This instructs gpg to read the passphrase from the given file descriptor. Usually this file descriptor is opened before gpg is executed via execvp(3). Exactly that is what gpgwrap is doing. The passphrase may be passed to gpgwrap in 4 ways: * as file path, whereat the passphrase is stored as plain text in the file * it is piped from another program to the stdin of gpgwrap * through the GPGWRAP_PASSPHRASE environment variable * gpgwrap prompts for it With no precautions the first point undermines the secure infrastructure gpg provides. But in pure batch oriented environments this may be what you want. Otherwise if you are willing to enter passphrases once and don't want them to be stored as plain text in a file gpg-agent is what you are looking for. Another security objection could be the use of the environment variable GPGWRAP_PASSPHRASE which contains the passphrase and may be read by other processes of the same user. OPTIONS
-V, --version Print out version and exit. -P, --print Get the passphrase and print it mangled to stdout. -F, --file Read gpg commands from the given files. If <file> is - it is read from stdin. Exactly one command per line is expected. The given line is handled in the following way: * In the first place the passphrase is mangled. This means that unusual characters are replaced by their backslash escaped octal numbers. * Secondly the mangled passphrase is stored in the environment variable GPGWRAP_PASSPHRASE. * "exec gpgwrap -- " is prepended to each line, before the result is passed as argument to "sh -c". -h, --help Print out usage information. -v, --verbose Increase verbosity level. -i, --interactive Always prompt for passphrase (ignores -p and the environment variable). -a, --ask-twice Ask twice if prompting for a passphrase. -c, --check-exit-code While reading gpg commands from a file, gpgwrap ignores per default the exit code of its child processes. This option enables the check of the exit code. If a child terminates abnormal or with an exit code not equal 0 gpgwrap stops immediately and does return with this exit code. See also section BUGS. -p <file>, --passphrase-file <file> Read passphrase from <file>. If <file> is - it is read from stdin. The passphrase is expected to be in plain text. If this option is not given the passphrase will be taken either from the environment variable GPGWRAP_PASSPHRASE or it will be prompted on the controlling tty if the environment variable is not set. -o <name>, --option-name <name> Specify the name of the "--passphrase-fd" option understood by the program to be executed. This is useful if you want to use gpg- wrap in combination with other programs than gpg. LIMITATIONS
The given passphrase is subject to several limitations depending on the way it was passed to gpgwrap: * There is a size limitation: the passphrase should be not larger than some kilobytes (examine the source code for the exact limit). * gpgwrap allows you to use all characters in a passphrase even �00, but this does not mean that gpg will accept it. gpg may reject your passphrase or may only read a part of it, if it contains characters like �12 (in C also known as ). * If you set the environment variable GPGWRAP_PASSPHRASE you should take special care with the backslash character, because gpgwrap uses backslash to escape octal numbers, (see option -F). Therefore write backslash itself as octal number: 134. EXAMPLES
1. gpgwrap -p /path/to/a/secret/file gpg -c -z 0 --batch --no-tty --cipher-algo blowfish < infile > outfile Read passphrase from /path/to/a/secret/file and execute gpg to do symmetric encryption of infile and write it to outfile. 2. gpgwrap -i -a gpg -c -z 0 --batch --no-tty --cipher-algo blowfish < infile > outfile Same as above except that gpgwrap prompts twice for the passphrase. 3. gpgwrap -F -i - <<EOL gpg --decrypt --batch --no-tty < "$HOME/infile1" > "$HOME/outfile1" gpg --decrypt --batch --no-tty < "$HOME/infile2" > "$HOME/outfile2" gpg --decrypt --batch --no-tty < "$HOME/infile3" > "$HOME/outfile3" gpg --decrypt --batch --no-tty < "$HOME/infile4" > "$HOME/outfile4" EOL gpgwrap prompts for the passphrase and executes four instances of gpg to decrypt the given files. 4. GPGWRAP_PASSPHRASE="mysecretpassphrase" export GPGWRAP_PASSPHRASE gpgwrap -F -c -v /tmp/cmdfile1 - /tmp/cmdfile2 <<EOL gpg --decrypt --batch --no-tty < "$HOME/infile1" > "$HOME/outfile1" gpg --decrypt --batch --no-tty < "$HOME/infile2" > "$HOME/outfile2" gpg --decrypt --batch --no-tty < "$HOME/infile3" > "$HOME/outfile3" gpg --decrypt --batch --no-tty < "$HOME/infile4" > "$HOME/outfile4" EOL Same as above except that gpgwrap gets the passphrase via the environment variable, reads commands additionally from other files and checks the exit code of every gpg instance. This means if one gpg command has a non zero exit code, no further commands are executed. Furthermore gpgwrap produces verbose output. 5. GPGWRAP_PASSPHRASE="$(gpgwrap -P -i -a)" export GPGWRAP_PASSPHRASE find . -maxdepth 1 -type f | while read FILE; do FILE2="$FILE.bz2.gpg" bzip2 -c "$FILE" | gpgwrap gpg -c -z 0 --batch --no-tty --cipher-algo blowfish > "$FILE2" && touch -r "$FILE" "$FILE2" && rm -f "$FILE" done Read in passphrase, compress all files in the current directory, encrypt them and keep date from original file. 6. find . -maxdepth 1 -type f -name '*.bz2.gpg' | awk '{ printf("gpg --decrypt --batch --no-tty --quiet "); printf("--no-secmem-warning < %s ", $0); }' | gpgwrap -F -i -c - | bzip2 -d -c - | grep -i 'data' Decrypt all *.bz2.gpg files in the current directory, decompress them and print out all occurances of data. If you pipe the result to less you get into trouble because gpgwrap and less try to read from the TTY at the same time. In such a case it is better to use the environment variable to give the passphrase (the example above shows how to do this). 7. GPGWRAP_PASSPHRASE="$(gpgwrap -P -i -a)" export GPGWRAP_PASSPHRASE gpgwrap -P | ssh -C -x -P -l user host " GPGWRAP_PASSPHRASE="$(cat)" ... " Prompt for a passphrase twice and write it to the GPGWRAP_PASSPHRASE environment variable. 8. echo -n "Passphrase: " stty -echo read GPGWRAP_PASSPHRASE echo stty echo export GPGWRAP_PASSPHRASE Another way to prompt manually for the passphrase. It was needed in combination with older versions of gpgwrap, because they did not upport -P. Be aware that with this method no automatic conversion to backslash escaped octal numbers takes place. 9. echo "mysecretpassphrase" | gpg --batch --no-tty --passphrase-fd 0 --output outfile --decrypt infile Cheap method to give passphrase to gpg without gpgwrap. Note that you can't use stdin to pass a file to gpg, because stdin is already used for the passphrase. 10. gpg --batch --no-tty --passphrase-fd 3 3< /path/to/a/secret/file < infile > outfile This is a more advanced method to give the passphrase, it is equivalent to Option -p of gpgwrap. This example should at least work with the bash. 11. gpg --batch --no-tty --passphrase-fd 3 3< <(echo "mysecretpassphrase") < infile > outfile Like above, but the passphrase is given directly. This example should at least work with the bash. BUGS
In version 0.02 of gpgwrap the exit code of gpg was only returned if gpgwrap read the passphrase from a file. Since version 0.03, only -F omits exit code checking by default, but it can be enabled with -c. SEE ALSO
gpg, gpg-agent AUTHOR
Karsten Scheibler gpgwrap 0.04 gpgwrap(1)