gpg decryption - Disable interactive password entry

Background description

  • By default, gpg decryption pops up the following window asking for the passphrase, which is a problem for script automation
    +-----------------------------------------------------+
    | Enter passphrase                                    |
    |                                                     |
    |                                                     |
    | Passphrase ________________________________________ |
    |                                                     |
    |       <OK>                             <Cancel>     |
    +-----------------------------------------------------+

  • gpg version 2.0.22
    [root@localhost decode_tools]# gpg --version
    gpg (GnuPG) 2.0.22
    libgcrypt 1.5.3
    Copyright (C) 2013 Free Software Foundation, Inc.
    License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.
    
    Home: ~/.gnupg
    Supported algorithms:
    Pubkey: RSA, ?, ?, ELG, DSA
    Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
            CAMELLIA128, CAMELLIA192, CAMELLIA256
    Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
    Compression: Uncompressed, ZIP, ZLIB, BZIP2
  • The gpg help output gives no obvious hint about how to disable the prompt
    Syntax: gpg [options] [files]
    Sign, check, encrypt or decrypt
    Default operation depends on the input data
    
    Commands:
    
     -s, --sign                 make a signature
         --clearsign            make a clear text signature
     -b, --detach-sign          make a detached signature
     -e, --encrypt              encrypt data
     -c, --symmetric            encryption only with symmetric cipher
     -d, --decrypt              decrypt data (default)
         --verify               verify a signature
     -k, --list-keys            list keys
         --list-sigs            list keys and signatures
         --check-sigs           list and check key signatures
         --fingerprint          list keys and fingerprints
     -K, --list-secret-keys     list secret keys
         --gen-key              generate a new key pair
         --gen-revoke           generate a revocation certificate
         --delete-keys          remove keys from the public keyring
         --delete-secret-keys   remove keys from the secret keyring
         --sign-key             sign a key
         --lsign-key            sign a key locally
         --edit-key             sign or edit a key
         --passwd               change a passphrase
         --export               export keys
         --send-keys            export keys to a key server
         --recv-keys            import keys from a key server
         --search-keys          search for keys on a key server
         --refresh-keys         update all keys from a keyserver
         --import               import/merge keys
         --card-status          print the card status
         --card-edit            change data on a card
         --change-pin           change a card's PIN
         --update-trustdb       update the trust database
         --print-md             print message digests
         --server               run in server mode
    
    Options:
    
     -a, --armor                create ascii armored output
     -r, --recipient USER-ID    encrypt for USER-ID
     -u, --local-user USER-ID   use USER-ID to sign or decrypt
     -z N                       set compress level to N (0 disables)
         --textmode             use canonical text mode
     -o, --output FILE          write output to FILE
     -v, --verbose              verbose
     -n, --dry-run              do not make any changes
     -i, --interactive          prompt before overwriting
         --openpgp              use strict OpenPGP behavior
    
    (See the man page for a complete listing of all commands and options)
    
    Examples:
    
     -se -r Bob [file]          sign and encrypt for user Bob
     --clearsign [file]         make a clear text signature
     --detach-sign [file]       make a detached signature
     --list-keys [names]        show keys
     --fingerprint [names]      show fingerprints
    
    Please report bugs to <http://bugs.gnupg.org>.

Three verified solutions

  • Pass the passphrase directly on the gpg command line:
      gpg --batch --passphrase suanec groups.tgz.gpg
  • Supply the passphrase indirectly through a pipe and a gpg file descriptor
      # --passphrase-fd names the file descriptor gpg reads the passphrase from. The pipe connects cat's standard output to gpg's standard input, so write 0 here.
      cat conf/password | gpg --batch --passphrase-fd 0 groups.tgz.gpg
  • Have gpg read the passphrase directly from a file
      # This is the method the author currently uses.
      gpg --batch --passphrase-file ./conf/password groups.tgz.gpg

Note

  • Behavior differs slightly between gpg 1.x and gpg 2.x: the --batch parameter is required to disable interactive operation.
      Update 2017-12-04. (add --batch to prevent password prompt)

      You may need to add the --batch option:
      Starting with version 2 of GPG, the --batch option is needed to make sure there is no prompt
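
The passphrase-file method wrapped for unattended use, as an added example (not code from the original post): it refuses a passphrase file that group or others can access and picks the prompt-suppressing options from the installed gpg version. It goes beyond the post's gpg 2.0.22 case by adding `--pinentry-mode loopback` for gpg 2.1 and later, which the gpg man page requires there. The function names and the three script arguments are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post.
# Usage (assumed): ./decrypt.sh PASSFILE INPUT OUTPUT

# True only for a regular file whose group/other permission bits are all clear.
passfile_is_private() (
    [ -f "$1" ] || exit 1
    perms=$(ls -ld -- "$1" | cut -c5-10)
    [ "$perms" = "------" ]
)

# First line of `gpg --version` looks like "gpg (GnuPG) 2.0.22"; print "2.0.22".
gpg_version() {
    gpg --version 2>/dev/null |
        sed -n '1s/^gpg (GnuPG[^)]*) \([0-9][0-9.]*\).*/\1/p'
}

# Options that suppress the prompt for a given version string:
# --batch always; from 2.1 on, --pinentry-mode loopback as well.
noninteractive_opts() (
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%.*}
    if [ "$major" -gt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -ge 1 ]; }; then
        echo "--batch --pinentry-mode loopback"
    else
        echo "--batch"
    fi
)

# Decrypt INPUT to OUTPUT with the passphrase read from PASSFILE, never prompting.
decrypt_quiet() (
    passfile=$1 input=$2 output=$3
    if ! passfile_is_private "$passfile"; then
        echo "refusing $passfile: group/other must have no access" >&2
        exit 2
    fi
    ver=$(gpg_version)
    if [ -z "$ver" ]; then
        echo "cannot determine gpg version" >&2
        exit 3
    fi
    # Word splitting of the option string is intentional here.
    gpg $(noninteractive_opts "$ver") --passphrase-file "$passfile" \
        --output "$output" --decrypt "$input"
)

if [ "$#" -eq 3 ]; then
    decrypt_quiet "$@"
fi
```

Unlike `--passphrase`, the passphrase-file method keeps the secret out of the process list.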

Posted on Thu, 04 Jun 2020 11:28:59 -0700 by liquidd