Automate gpg decryption
Art Hampton
arth@pacsg.css.mot.com
Mon, 25 Oct 1999 09:40:04 -0500
Philippe Lochon wrote:
>
> Hi everyone
>
> I'm trying to automate file decryption with the following command:
>
> gpg --output file --decrypt file.gpg
[snip]
> Is there a way to do this with gpg, or do I have to use expect ?
Philippe,

Several months ago, I joined this list to ask much the same question.
Here's what I ended up with:

    gpg --passphrase-fd <filedescriptor> --batch

where <filedescriptor> is the file descriptor that you will use to send
the password.

I have a setuid script which opens up a file with the passphrase, then
drops the setuid. Next, it creates three pipes, one for STDIN, one for
STDOUT, and then a third for the passphrase file descriptor. I then
fork a new process, get all the pipes set up correctly, and then exec
GPG as described above.

For my application, I'm signing something. I send it via STDIN, then
close the STDIN pipe. Then I send the passphrase, and close the
passphrase pipe. I then save whatever I get back from STDOUT until I
hit the EOF. Then I of course wait for the exit status of the child.

There may be a better way to do this. I remember Werner mentioning
something about a co-process example, but I never got around to
investigating that.

Hope this helps.
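
The pipe-and-exec procedure described in the message above, sketched in Python as an added example that is not part of the original post or of GnuPG. The names run_with_passphrase_fd and gpg_decrypt_argv are illustrative, and the passphrase is written before the data (the reverse of the order in the message) so that neither side can stall on a full pipe.

```python
import os
import subprocess
import sys


def gpg_decrypt_argv(fd):
    # Flags from the message above; decrypts stdin to stdout.
    # GnuPG 2.1 and later also needs "--pinentry-mode", "loopback" here.
    return ["gpg", "--batch", "--passphrase-fd", str(fd), "--decrypt"]


def run_with_passphrase_fd(make_argv, passphrase, data):
    """Run make_argv(fd) with the passphrase on its own pipe; return stdout.

    The secret never appears in argv or the environment, so it is not
    exposed through the process list.
    """
    rfd, wfd = os.pipe()  # dedicated passphrase pipe
    try:
        proc = subprocess.Popen(
            make_argv(rfd),
            stdin=subprocess.PIPE,
            stdout=subprocess.PIPE,
            pass_fds=(rfd,),  # only this extra fd is inherited; wfd is not
        )
    except BaseException:
        os.close(wfd)
        raise
    finally:
        os.close(rfd)  # parent keeps only the write end
    try:
        # A short passphrase fits in the pipe buffer, so this cannot block.
        os.write(wfd, passphrase + b"\n")
    except BrokenPipeError:
        pass  # child already exited; the exit status check reports it
    finally:
        os.close(wfd)  # EOF on the passphrase pipe
    # communicate() feeds stdin, closes it, reads stdout to EOF and waits.
    out, _ = proc.communicate(data)
    if proc.returncode != 0:
        raise subprocess.CalledProcessError(proc.returncode, proc.args, out)
    return out


if __name__ == "__main__":
    # Assumed usage: script.py PASSPHRASE_FILE < file.gpg > file
    with open(sys.argv[1], "rb") as fh:
        secret = fh.readline().rstrip(b"\r\n")
    sys.stdout.buffer.write(
        run_with_passphrase_fd(gpg_decrypt_argv, secret, sys.stdin.buffer.read())
    )
```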