some questions on using gpg in scripting

Philippe Cerfon philcerf at
Sat Nov 21 15:47:34 CET 2009


I'd like to use gpg in some scripts for decryption only.

The encrypted files are mainly symmetrically encrypted (I mean the
session key), but it could also happen, that there appear some
asymmetrically encrypted files.
I want to prevent gpg to try writing to disk (especially ~/.gnupg) as
this might be read only.

What I do now is:
{ echo $passphrsae; cat message; } | gpg --batch --no-options
--no-random-seed-file --no-default-keyring --keyring /dev/null
--secret-keyring /dev/null --trust-db-name /dev/null --passphrase-fd 0
--decrypt | doFurtherStuff

With --no-options I prevent the creation of ~/.gnupg and usage
gpg.conf, which is exactly what I want.
With --keyring /dev/null --secret-keyring /dev/null I give it some
(empty) keyrings
With --no-default-keyring I prevent that it fails because no
~/.gnupg/pub|secring.gpg exist.

So far so good. I would however like to let is use
~/.gnupg/pub|secring.gpg but only if they exist (it should not create
them) and it should never use gnupg.conf.
Is this possible?


btw: The manpage says, with --no-tty, gnugp would never ever write to
the terminal. It does hoewever (e.g. error messages that no keyrings
exists, or no MDC was found.)

More information about the Gnupg-devel mailing list