|
|
Sponsored Content
Top Forums
Shell Programming and Scripting
GnuPG (gpg command)
Post 96042 by BCarlson on Tuesday 17th of January 2006 08:34:22 AM
01-17-2006
GnuPG (gpg command)
I've been blessed with the task of writing functions that will be used to encrypt / decrypt data files using the Gnupg (gpg command) software on our Solaris 9. This was just installed last friday and I've got no documentation other than what I've found on the web.
I was successful in writing and testing the encrypt_file function. Piece of cake.
The problem I have is with the decrypt_file function trying to get the gpg command to allow me to pass the 'passphrase' as a variable. I can run the command (without a script), it prompts me for the passphrase, I type it and it works. I'm confused about the --command-fd and --passphrase-fd options. I've tried with each seperately and each alone and still get an error saying 'bad passphrase'. 
Has anyone else tried this? What have I got wrong? 
My current script and its output follows.
#! /bin/ksh
#------------------
function decrypt_file
{
# This function uses the GnuPG (gpg command) to decrypt files
# $1.gpg will be the input file and the output will be called $1.
# The gpg command resides in /usr/local/bin
#Setup
B=/bin
U=/usr/local/bin # this is where the gpg executable is
# Check if the input file exists
if [[ ! -f $1.gpg ]] then
echo "-*- Error - $1.gpg not found"
return 1
fi
# Delete the output file (if one exists)
$B/rm -f $1
# Let's decrypt the file
PP=`echo 'this is my test passphrase'` # this and the next line will be
echo "Pp=$PP" # replaced by an environment variable
echo $PP| $U/gpg --command-fd 0 --passphrase-fd 0 \
--decrypt-files "$1.gpg" << !end \
> /tmp/$$data
!end
stat=$?
if [[ $stat != 0 ]] then
echo "-*- Error - decrypt (gpg) failed"
return 1
fi
$B/grep -i "ERROR" /tmp/$$data > /dev/null
stat=$?
if [[ $stat != 1 ]] then
echo "-*- Decrypt failed"
cat /tmp/$$data
return 1
fi
# Look's like we're good to go
echo "--- File $1.gpg successfully de-encrypted as $1"
# Remove the input-file (the point of the whole process) and /tmp files
$B/rm -f $1.gpg
$B/rm -f /tmp/$$*
return 0
} # end decrypt_file
#------------------
Here's what I get when I run it:
$: decrypt_file test-file.txt
Pp=this is my test passphrase
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information
Reading passphrase from file descriptor 0
You need a passphrase to unlock the secret key for
user: "test name (test comment) <testemail@pni.com>"
1024-bit ELG-E key, ID 84D710AC, created 2006-01-13 (main key ID F423056A)
gpg: encrypted with 1024-bit ELG-E key, ID 84D710AC, created 2006-01-13
"test name (test comment) <testemail@pni.com>"
gpg: public key decryption failed: bad passphrase
gpg: decryption failed: secret key not available
-*- Error - decrypt (gpg) failed
$:
Thanks, in advance, for any help you can give me.
I was successful in writing and testing the encrypt_file function. Piece of cake.
The problem I have is with the decrypt_file function trying to get the gpg command to allow me to pass the 'passphrase' as a variable. I can run the command (without a script), it prompts me for the passphrase, I type it and it works. I'm confused about the --command-fd and --passphrase-fd options. I've tried with each seperately and each alone and still get an error saying 'bad passphrase'. Has anyone else tried this? What have I got wrong? My current script and its output follows.
#! /bin/ksh
#------------------
function decrypt_file
{
# This function uses the GnuPG (gpg command) to decrypt files
# $1.gpg will be the input file and the output will be called $1.
# The gpg command resides in /usr/local/bin
#Setup
B=/bin
U=/usr/local/bin # this is where the gpg executable is
# Check if the input file exists
if [[ ! -f $1.gpg ]] then
echo "-*- Error - $1.gpg not found"
return 1
fi
# Delete the output file (if one exists)
$B/rm -f $1
# Let's decrypt the file
PP=`echo 'this is my test passphrase'` # this and the next line will be
echo "Pp=$PP" # replaced by an environment variable
echo $PP| $U/gpg --command-fd 0 --passphrase-fd 0 \
--decrypt-files "$1.gpg" << !end \
> /tmp/$$data
!end
stat=$?
if [[ $stat != 0 ]] then
echo "-*- Error - decrypt (gpg) failed"
return 1
fi
$B/grep -i "ERROR" /tmp/$$data > /dev/null
stat=$?
if [[ $stat != 1 ]] then
echo "-*- Decrypt failed"
cat /tmp/$$data
return 1
fi
# Look's like we're good to go
echo "--- File $1.gpg successfully de-encrypted as $1"
# Remove the input-file (the point of the whole process) and /tmp files
$B/rm -f $1.gpg
$B/rm -f /tmp/$$*
return 0
} # end decrypt_file
#------------------
Here's what I get when I run it:
$: decrypt_file test-file.txt
Pp=this is my test passphrase
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information
Reading passphrase from file descriptor 0
You need a passphrase to unlock the secret key for
user: "test name (test comment) <testemail@pni.com>"
1024-bit ELG-E key, ID 84D710AC, created 2006-01-13 (main key ID F423056A)
gpg: encrypted with 1024-bit ELG-E key, ID 84D710AC, created 2006-01-13
"test name (test comment) <testemail@pni.com>"
gpg: public key decryption failed: bad passphrase
gpg: decryption failed: secret key not available
-*- Error - decrypt (gpg) failed
$:
Thanks, in advance, for any help you can give me.
|
|
9 More Discussions You Might Find Interesting
1. Shell Programming and Scripting
hello,
i am writing an automated script for GnuPG decryption for a file, which was already being encrypted,
homedir="/home/.gnupg"
PassPhrase=`cat /home/.gnupg/.passphrase`
echo $PassPhrase | gpg --homedir $homedir --passphrase-fd 0 --no-tty --output secret21.txt --decrypt-files... (0 Replies)
Discussion started by: manas_ranjan
0 Replies
2. UNIX for Dummies Questions & Answers
hey guys
i need to restrict access to the GNUPG program because of the possibility that sensitive data like encryption keys and passwords that it is using may be written into the virtual memory swap partition on the hard disk and thus be retrieved at a later date long after the program has... (2 Replies)
Discussion started by: mile1982
2 Replies
3. UNIX for Dummies Questions & Answers
Hello sir,
I am using "gpg" command to encrypt a file.
We generally do it :-
then it asks us for :-
I want to know how to give this Passphrase in the command line itself !!!I did read the man page but couldnt make out what is the option for it.Can u please help me out !!! (2 Replies)
Discussion started by: nsharath
2 Replies
4. Ubuntu
I am using MUTT and I have configured my gmail account in it.
I want to use GnuPG(gpg) in it. But even after importing I get key not found error while sending.
Please help me for this problem.
---------- Post updated at 11:26 PM ---------- Previous update was at 07:48 AM ----------
This is... (0 Replies)
Discussion started by: nixhead
0 Replies
5. Cybersecurity
Hi,
I need to export an existing PGP key and import it into GnuPG on a different machine.
This is how I did the export:
pgp -kx myuser _myuser_public
pgp -kx myuser _myuser_private secring.skr
(this is from the pgp installation directory that contains secring.skr).
This produced two... (0 Replies)
Discussion started by: imchi
0 Replies
6. UNIX for Dummies Questions & Answers
Hi,
I need to export an existing PGP key and import it into GnuPG on a different machine.
This is how I did the export:
pgp -kx myuser _myuser_public
pgp -kx myuser _myuser_private secring.skr
(this is from the pgp installation directory that contains secring.skr).
This produced two... (0 Replies)
Discussion started by: imchi
0 Replies
7. Shell Programming and Scripting
Hi all,
I'm trying to decrypt a GnuPG file but not having much luck. I'm new to using it and have tried 4 different ways to do it but nothing works. Here are examples of the attempts I have made:
gpg -o ./file_name.tar.Z --passphrase-fd 0 ./file_name.tar.Z.gpg 0<./password.txt
cat... (5 Replies)
Discussion started by: Korn0474
5 Replies
8. Solaris
I have installed gnupg from the official Solaris 11 repository, but am experiencing library issues. This is the error I am getting:
ld.so.1: gpg2: fatal: relocation error: file /usr/lib/libreadline.so.5: symbol tgetent: referenced symbol not foundSee more information here:
bash-4.1$ gpg2... (4 Replies)
Discussion started by: ujjain
4 Replies
9. Shell Programming and Scripting
Hi Friends,
There are some 7 years script in out linux server. I am trying to understand them since Linux Server changed(A).
Below line in one of the encrypting script. Here scenario is encrypting bank files in our (A) server and doing Secure Copy to Server (B).
GPG -v --batch --yes --armor... (1 Reply)
Discussion started by: johnsnow
1 Replies
LEARN ABOUT CENTOS
amcryptsimple
AMCRYPTSIMPLE(8) System Administration Commands AMCRYPTSIMPLE(8) NAME
amcryptsimple - reference simple crypt program for Amanda symmetric data encryption SYNOPSIS
amcryptsimple to be called by Amanda only DESCRIPTION
amcryptsimple calls gpg to perform symmetric data encryption on Amanda backup. amcryptsimple will search for the gpg program in the following directories: /usr/local/bin:/usr/bin:/usr/sbin:/bin:/sbin amcryptsimple uses one passphrase to encrypt the Amanda data and uses the same passphrase to decrypt the Amanda backup data. amcryptsimple uses AES256 as the symmetric cipher. HOW TO CREATE PASSPHRASE
Store the passphrase inside the home-directory of the Amanda user ($amanda_user) and protect it with proper permissions: echo my_secret_passphrase > ~$amanda_user/.am_passphrase chown $amanda_user:disk ~$amanda_user/.am_passphrase chmod 700 ~$amanda_user/.am_passphrase NOTES
Choose a good passphrase and protect it properly. Backup data can only be restored with the passphrase. There is no backdoor. If storing and securing passphrase in your environment presents challenges, Amanda provide public-key data encryption through amgpgcrypt. Public-key encryption uses the public key to encrypt and uses the private key to decrypt. SEE ALSO
amanda(8), amanda.conf(5), amcrypt(8), amgpgcrypt(8), amrestore(8), gpg(1) The Amanda Wiki: : http://wiki.zmanda.com/ AUTHOR
Kevin Till <kevin.till@zmanda.com> Zmanda, Inc. (http://www.zmanda.com) Amanda 3.3.3 01/10/2013 AMCRYPTSIMPLE(8)