|
|
Sponsored Content
Top Forums
Shell Programming and Scripting
GnuPG (gpg command)
Post 96042 by BCarlson on Tuesday 17th of January 2006 08:34:22 AM
01-17-2006
GnuPG (gpg command)
I've been blessed with the task of writing functions that will be used to encrypt / decrypt data files using the Gnupg (gpg command) software on our Solaris 9. This was just installed last friday and I've got no documentation other than what I've found on the web.
I was successful in writing and testing the encrypt_file function. Piece of cake.
The problem I have is with the decrypt_file function trying to get the gpg command to allow me to pass the 'passphrase' as a variable. I can run the command (without a script), it prompts me for the passphrase, I type it and it works. I'm confused about the --command-fd and --passphrase-fd options. I've tried with each seperately and each alone and still get an error saying 'bad passphrase'. 
Has anyone else tried this? What have I got wrong? 
My current script and its output follows.
#! /bin/ksh
#------------------
function decrypt_file
{
# This function uses the GnuPG (gpg command) to decrypt files
# $1.gpg will be the input file and the output will be called $1.
# The gpg command resides in /usr/local/bin
#Setup
B=/bin
U=/usr/local/bin # this is where the gpg executable is
# Check if the input file exists
if [[ ! -f $1.gpg ]] then
echo "-*- Error - $1.gpg not found"
return 1
fi
# Delete the output file (if one exists)
$B/rm -f $1
# Let's decrypt the file
PP=`echo 'this is my test passphrase'` # this and the next line will be
echo "Pp=$PP" # replaced by an environment variable
echo $PP| $U/gpg --command-fd 0 --passphrase-fd 0 \
--decrypt-files "$1.gpg" << !end \
> /tmp/$$data
!end
stat=$?
if [[ $stat != 0 ]] then
echo "-*- Error - decrypt (gpg) failed"
return 1
fi
$B/grep -i "ERROR" /tmp/$$data > /dev/null
stat=$?
if [[ $stat != 1 ]] then
echo "-*- Decrypt failed"
cat /tmp/$$data
return 1
fi
# Look's like we're good to go
echo "--- File $1.gpg successfully de-encrypted as $1"
# Remove the input-file (the point of the whole process) and /tmp files
$B/rm -f $1.gpg
$B/rm -f /tmp/$$*
return 0
} # end decrypt_file
#------------------
Here's what I get when I run it:
$: decrypt_file test-file.txt
Pp=this is my test passphrase
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information
Reading passphrase from file descriptor 0
You need a passphrase to unlock the secret key for
user: "test name (test comment) <testemail@pni.com>"
1024-bit ELG-E key, ID 84D710AC, created 2006-01-13 (main key ID F423056A)
gpg: encrypted with 1024-bit ELG-E key, ID 84D710AC, created 2006-01-13
"test name (test comment) <testemail@pni.com>"
gpg: public key decryption failed: bad passphrase
gpg: decryption failed: secret key not available
-*- Error - decrypt (gpg) failed
$:
Thanks, in advance, for any help you can give me.
I was successful in writing and testing the encrypt_file function. Piece of cake.
The problem I have is with the decrypt_file function trying to get the gpg command to allow me to pass the 'passphrase' as a variable. I can run the command (without a script), it prompts me for the passphrase, I type it and it works. I'm confused about the --command-fd and --passphrase-fd options. I've tried with each seperately and each alone and still get an error saying 'bad passphrase'. Has anyone else tried this? What have I got wrong? My current script and its output follows.
#! /bin/ksh
#------------------
function decrypt_file
{
# This function uses the GnuPG (gpg command) to decrypt files
# $1.gpg will be the input file and the output will be called $1.
# The gpg command resides in /usr/local/bin
#Setup
B=/bin
U=/usr/local/bin # this is where the gpg executable is
# Check if the input file exists
if [[ ! -f $1.gpg ]] then
echo "-*- Error - $1.gpg not found"
return 1
fi
# Delete the output file (if one exists)
$B/rm -f $1
# Let's decrypt the file
PP=`echo 'this is my test passphrase'` # this and the next line will be
echo "Pp=$PP" # replaced by an environment variable
echo $PP| $U/gpg --command-fd 0 --passphrase-fd 0 \
--decrypt-files "$1.gpg" << !end \
> /tmp/$$data
!end
stat=$?
if [[ $stat != 0 ]] then
echo "-*- Error - decrypt (gpg) failed"
return 1
fi
$B/grep -i "ERROR" /tmp/$$data > /dev/null
stat=$?
if [[ $stat != 1 ]] then
echo "-*- Decrypt failed"
cat /tmp/$$data
return 1
fi
# Look's like we're good to go
echo "--- File $1.gpg successfully de-encrypted as $1"
# Remove the input-file (the point of the whole process) and /tmp files
$B/rm -f $1.gpg
$B/rm -f /tmp/$$*
return 0
} # end decrypt_file
#------------------
Here's what I get when I run it:
$: decrypt_file test-file.txt
Pp=this is my test passphrase
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information
Reading passphrase from file descriptor 0
You need a passphrase to unlock the secret key for
user: "test name (test comment) <testemail@pni.com>"
1024-bit ELG-E key, ID 84D710AC, created 2006-01-13 (main key ID F423056A)
gpg: encrypted with 1024-bit ELG-E key, ID 84D710AC, created 2006-01-13
"test name (test comment) <testemail@pni.com>"
gpg: public key decryption failed: bad passphrase
gpg: decryption failed: secret key not available
-*- Error - decrypt (gpg) failed
$:
Thanks, in advance, for any help you can give me.
|
|
9 More Discussions You Might Find Interesting
1. Shell Programming and Scripting
hello,
i am writing an automated script for GnuPG decryption for a file, which was already being encrypted,
homedir="/home/.gnupg"
PassPhrase=`cat /home/.gnupg/.passphrase`
echo $PassPhrase | gpg --homedir $homedir --passphrase-fd 0 --no-tty --output secret21.txt --decrypt-files... (0 Replies)
Discussion started by: manas_ranjan
0 Replies
2. UNIX for Dummies Questions & Answers
hey guys
i need to restrict access to the GNUPG program because of the possibility that sensitive data like encryption keys and passwords that it is using may be written into the virtual memory swap partition on the hard disk and thus be retrieved at a later date long after the program has... (2 Replies)
Discussion started by: mile1982
2 Replies
3. UNIX for Dummies Questions & Answers
Hello sir,
I am using "gpg" command to encrypt a file.
We generally do it :-
then it asks us for :-
I want to know how to give this Passphrase in the command line itself !!!I did read the man page but couldnt make out what is the option for it.Can u please help me out !!! (2 Replies)
Discussion started by: nsharath
2 Replies
4. Ubuntu
I am using MUTT and I have configured my gmail account in it.
I want to use GnuPG(gpg) in it. But even after importing I get key not found error while sending.
Please help me for this problem.
---------- Post updated at 11:26 PM ---------- Previous update was at 07:48 AM ----------
This is... (0 Replies)
Discussion started by: nixhead
0 Replies
5. Cybersecurity
Hi,
I need to export an existing PGP key and import it into GnuPG on a different machine.
This is how I did the export:
pgp -kx myuser _myuser_public
pgp -kx myuser _myuser_private secring.skr
(this is from the pgp installation directory that contains secring.skr).
This produced two... (0 Replies)
Discussion started by: imchi
0 Replies
6. UNIX for Dummies Questions & Answers
Hi,
I need to export an existing PGP key and import it into GnuPG on a different machine.
This is how I did the export:
pgp -kx myuser _myuser_public
pgp -kx myuser _myuser_private secring.skr
(this is from the pgp installation directory that contains secring.skr).
This produced two... (0 Replies)
Discussion started by: imchi
0 Replies
7. Shell Programming and Scripting
Hi all,
I'm trying to decrypt a GnuPG file but not having much luck. I'm new to using it and have tried 4 different ways to do it but nothing works. Here are examples of the attempts I have made:
gpg -o ./file_name.tar.Z --passphrase-fd 0 ./file_name.tar.Z.gpg 0<./password.txt
cat... (5 Replies)
Discussion started by: Korn0474
5 Replies
8. Solaris
I have installed gnupg from the official Solaris 11 repository, but am experiencing library issues. This is the error I am getting:
ld.so.1: gpg2: fatal: relocation error: file /usr/lib/libreadline.so.5: symbol tgetent: referenced symbol not foundSee more information here:
bash-4.1$ gpg2... (4 Replies)
Discussion started by: ujjain
4 Replies
9. Shell Programming and Scripting
Hi Friends,
There are some 7 years script in out linux server. I am trying to understand them since Linux Server changed(A).
Below line in one of the encrypting script. Here scenario is encrypting bank files in our (A) server and doing Secure Copy to Server (B).
GPG -v --batch --yes --armor... (1 Reply)
Discussion started by: johnsnow
1 Replies
LEARN ABOUT DEBIAN
gpg-zip
GPG-ZIP(1) General Commands Manual GPG-ZIP(1) NAME
gpg-zip - encrypt or sign files into an archive SYNOPSIS
gpg-zip [OPTIONS] filename1 [filename2, ...] directory1 [directory2, ...] DESCRIPTION
This manual page documents briefly the gpg-zip command. gpg-zip encrypts or signs files into an archive. It is an gpg-ized tar using the same format as PGP's PGP Zip. OPTIONS
-e, --encrypt Encrypt data. This option may be combined with --symmetric (for output that may be decrypted via a secret key or a passphrase). -d, --decrypt Decrypt data. -c, --symmetric Encrypt with a symmetric cipher using a passphrase. The default symmetric cipher used is CAST5, but may be chosen with the --cipher-algo option to gpg(1). -s, --sign Make a signature. See gpg(1). -r, --recipient USER Encrypt for user id USER. See gpg(1). -u, --local-user USER Use USER as the key to sign with. See gpg(1). --list-archive List the contents of the specified archive. -o, --output FILE" Write output to specified file FILE. --gpg GPG Use the specified command instead of gpg. --gpg-args ARGS Pass the specified options to gpg(1). --tar TAR Use the specified command instead of tar. --tar-args ARGS Pass the specified options to tar(1). -h, --help Output a short usage information. --version Output the program version. DIAGNOSTICS
The program returns 0 if everything was fine, 1 otherwise. EXAMPLES
Encrypt the contents of directory mydocs for user Bob to file test1: gpg-zip --encrypt --output test1 --gpg-args -r Bob"" mydocs List the contents of archive test1: gpg-zip --list-archive test1 SEE ALSO
gpg(1), tar(1) AUTHOR
Copyright (C) 2005 Free Software Foundation, Inc. Please report bugs to <bug-gnupg@gnu.org>. This manpage was written by Colin Tuckley <colin@tuckley.org> and Daniel Leidert <daniel.leidert@wgdd.de> for the Debian distribution (but may be used by others). November 2006 GPG-ZIP(1)