Automate gpg decryption

Art Hampton arth@pacsg.css.mot.com
Mon, 25 Oct 1999 09:40:04 -0500


Philippe Lochon wrote:

>
> Hi everyone
>
> I'm trying to automate file decryption with the following command:
>
> gpg --output file --decrypt file.gpg
[snip]
> Is there a way to do this with gpg, or do I have to use expect ?
Philippe,

Several months ago, I joined this list to ask much the same question. Here's what I ended up with:

    gpg --passphrase-fd <filedescriptor> --batch

where <filedescriptor> is the file descriptor that you will use to send the password.

I have a setuid script which opens up a file with the passphrase, then drops the setuid. Next, it creates three pipes, one for STDIN, one for STDOUT, and then a third for the passphrase file descriptor. I then fork a new process, get all the pipes set up correctly, and then exec GPG as described above.

For my application, I'm signing something. I send it via STDIN, then close the STDIN pipe. Then I send the passphrase, and close the passphrase pipe. I then save whatever I get back from STDOUT until I hit the EOF. Then I of course wait for the exit status of the child.

There may be a better way to do this. I remember Werner mentioning something about a co-process example, but I never got around to investigating that.

Hope this helps.
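
The pipe arrangement described in the message above, as an added example in Python (not code from the original post or from its author): the child gets stdin, stdout and one extra inherited pipe for --passphrase-fd. The function names and the passphrase-file argument are assumptions; the passphrase is written first because one short line fits in the pipe buffer.

```python
import os
import subprocess
import sys


def gpg_decrypt_argv(fd):
    # Options from the thread; ciphertext on stdin, plaintext on stdout.
    # GnuPG 2.1 and later additionally need "--pinentry-mode loopback".
    return ["gpg", "--batch", "--passphrase-fd", str(fd), "--decrypt"]


def run_with_passphrase_fd(make_argv, data, passphrase):
    """Run make_argv(fd) with `data` on stdin and the passphrase on pipe `fd`.

    Returns (exit_status, stdout_bytes). The passphrase never appears in argv
    or the environment, so it cannot be seen in a process listing.
    """
    pass_r, pass_w = os.pipe()
    try:
        child = subprocess.Popen(
            make_argv(pass_r),
            stdin=subprocess.PIPE,
            stdout=subprocess.PIPE,
            pass_fds=(pass_r,),  # the only extra descriptor the child inherits
        )
    except BaseException:
        os.close(pass_w)
        raise
    finally:
        os.close(pass_r)  # parent never reads from this pipe
    try:
        # One short line fits in the pipe buffer, so this write does not
        # block even if the child has not started reading yet.
        os.write(pass_w, passphrase.rstrip(b"\r\n") + b"\n")
    except BrokenPipeError:
        pass  # child exited before reading; its exit status reports why
    finally:
        os.close(pass_w)  # EOF on the passphrase pipe
    # communicate() feeds stdin, closes it, and drains stdout concurrently,
    # which avoids a deadlock when either side exceeds the pipe buffer.
    out, _ = child.communicate(data)
    return child.returncode, out


if __name__ == "__main__":
    # Usage (hypothetical): script.py PASSPHRASE_FILE < file.gpg > file
    with open(sys.argv[1], "rb") as f:
        secret = f.readline()
    status, plaintext = run_with_passphrase_fd(
        gpg_decrypt_argv, sys.stdin.buffer.read(), secret)
    sys.stdout.buffer.write(plaintext)
    sys.exit(status)
```

Keep the passphrase file readable only by the account that runs the job, and check the returned exit status before trusting the output.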