开发者

GnuPG Shell Script - Refuses to read password

The script below used to work on Mac OS X, but, since moving it to Ubuntu, it doesn't seem to read from the password file at all. Even when I run it from the command line, no matter what I do, I get a popup prompt asking me for the password. As this will run via cron, I don't want this to happen... I want it to read the password from the file with no prompt. To note, I did try using passphrase-fd and passphrase-file, neither of which worked...

#!/bin/sh
p=$(<pass.txt)
set -- $p
pass_phrase=$1
destination="/var/www/decrypted"
cd /var/sl_bin/
for FILE in *.pgp;
do
    FILENAME=${FILE%.pgp}
    gpg --passphrase "$pass_phr开发者_StackOverflow中文版ase" --output "$destination/$FILENAME" --decrypt "$FILE"
    rm -f $FILE
done


This works:

gpg --no-use-agent --batch --passphrase-file pass.txt --output kkkk.tar.bz2  --decrypt kkk-data.tar.bz2.gpg


The --passphrase-file option seems to be broken / not honored. I had to use --passphrase-fd 0 instead, like so:

cat .password | gpg --passphrase-fd 0 --output foo --decrypt foo.gpg


Use option --no-use-agent. It won't prompt you using option --passphrase.


If you don't want to supply the file via standard input (eg, because you're plugging this into another command like git, which wants to supply the content to sign via standard input), then you can use another file descriptor:

gpg --passphrase-fd 3 <your command here> 3< pass.txt


Your problem is probably that $passphrase is null. On Ubuntu sh is symlinked to dash which doesn't understand $(<file_name) in the same way that Bash does (but doesn't issue an error either).

You can change your shebang to:

#!/bin/bash

or use $(cat pass.txt)

Also, why not combine the second, third and fourth lines?: pass_phrase=$(<pass.txt) (or pass_phrase=($(<pass.txt)) if you're trying to strip off all but the first "word" in the file).

Your previous question


use

#!/bin/bash

or

#!/usr/bin/env bash

as your first line instead of #!/bin/sh

As for your pass phrase problem, you should probably try to use some automatic mechanism. check the gpg documentation for information. I don't use gpg, but you can check out gpg-agent.


Two solutions (the first one solved my problem ;-))

  • http://www.roguedaemon.net/rephrase/
  • gpg uses --passphrase-fd not --passphrase

    echo yourpw|gpg --passphrase-fd 0 --output out.txt -d file.txt


You're getting password prompt because you have DISPLAY variable set (if you click cancel the script will continue decrypting files). DISPLAY shouldn't be set in the cron environment, so you can probably ignore it, but to be sure or be able to test the script from command prompt add

unset DISPLAY

to the beginning of the script or run it before executing.

Also to be able to use $(<file) syntax you need to change

#!/bin/sh

to

#!/bin/bash

You should avoid using --passphrase option which could lead to revealing your password on multi-user system. You can use --passphrase-file instead. Here's how I would change your script:

#!/bin/sh
PASSFILE=$(pwd)/pass.txt
destination="/var/www/decrypted"
cd /var/sl_bin/
for FILE in *.pgp;
do
    FILENAME=${FILE%.pgp}
    gpg --passphrase-file $PASSFILE --output "$destination/$FILENAME" --decrypt "$FILE"
    rm -f $FILE
done

To save location of the password file before changing current directory, I saved it in PASSFILE variable.


add --archive to read password from --passphrase-file


You must to use:

gpg --batch --passphrase-fd 1 --passphrase-file your_password_file -c your_file_to_encript.txt


Use below script

#! /bin/sh
gpg --pinentry-mode loopback --passphrase='PASSWORD' --output /output/outputFileName /input/inputFileName
0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜