GnuPG Shell Script - Refuses to read password
The script below used to work on Mac OS X, but, since moving it to Ubuntu, it doesn't seem to read from the password file at all. Even when I run it from the command line, no matter what I do, I get a popup prompt asking me for the password. As this will run via cron, I don't want this to happen... I want it to read the password from the file with no prompt. To note, I did try using passphrase-fd and passphrase-file, neither of which worked...
#!/bin/sh
p=$(<pass.txt)
set -- $p
pass_phrase=$1
destination="/var/www/decrypted"
cd /var/sl_bin/
for FILE in *.pgp;
do
FILENAME=${FILE%.pgp}
gpg --passphrase "$pass_phr开发者_StackOverflow中文版ase" --output "$destination/$FILENAME" --decrypt "$FILE"
rm -f $FILE
done
This works:
gpg --no-use-agent --batch --passphrase-file pass.txt --output kkkk.tar.bz2 --decrypt kkk-data.tar.bz2.gpg
The --passphrase-file
option seems to be broken / not honored. I had to use --passphrase-fd 0
instead, like so:
cat .password | gpg --passphrase-fd 0 --output foo --decrypt foo.gpg
Use option --no-use-agent. It won't prompt you using option --passphrase.
If you don't want to supply the file via standard input (eg, because you're plugging this into another command like git, which wants to supply the content to sign via standard input), then you can use another file descriptor:
gpg --passphrase-fd 3 <your command here> 3< pass.txt
Your problem is probably that $passphrase
is null. On Ubuntu sh
is symlinked to dash
which doesn't understand $(<file_name)
in the same way that Bash does (but doesn't issue an error either).
You can change your shebang to:
#!/bin/bash
or use $(cat pass.txt)
Also, why not combine the second, third and fourth lines?: pass_phrase=$(<pass.txt)
(or pass_phrase=($(<pass.txt))
if you're trying to strip off all but the first "word" in the file).
Your previous question
use
#!/bin/bash
or
#!/usr/bin/env bash
as your first line instead of #!/bin/sh
As for your pass phrase problem, you should probably try to use some automatic mechanism. check the gpg documentation for information. I don't use gpg, but you can check out gpg-agent
.
Two solutions (the first one solved my problem ;-))
- http://www.roguedaemon.net/rephrase/
gpg uses --passphrase-fd not --passphrase
echo yourpw|gpg --passphrase-fd 0 --output out.txt -d file.txt
You're getting password prompt because you have DISPLAY
variable set (if you click cancel the script will continue decrypting files). DISPLAY
shouldn't be set in the cron environment, so you can probably ignore it, but to be sure or be able to test the script from command prompt add
unset DISPLAY
to the beginning of the script or run it before executing.
Also to be able to use $(<file)
syntax you need to change
#!/bin/sh
to
#!/bin/bash
You should avoid using --passphrase
option which could lead to revealing your password on multi-user system. You can use --passphrase-file
instead. Here's how I would change your script:
#!/bin/sh
PASSFILE=$(pwd)/pass.txt
destination="/var/www/decrypted"
cd /var/sl_bin/
for FILE in *.pgp;
do
FILENAME=${FILE%.pgp}
gpg --passphrase-file $PASSFILE --output "$destination/$FILENAME" --decrypt "$FILE"
rm -f $FILE
done
To save location of the password file before changing current directory, I saved it in PASSFILE
variable.
add --archive
to read password from --passphrase-file
You must to use:
gpg --batch --passphrase-fd 1 --passphrase-file your_password_file -c your_file_to_encript.txt
Use below script
#! /bin/sh
gpg --pinentry-mode loopback --passphrase='PASSWORD' --output /output/outputFileName /input/inputFileName
精彩评论