How to decrypt / encrypt automatically

Steve Butler sbutler@fchn.com
Fri Jan 4 18:57:01 2002


This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

--=_58e210ac3a33ed8cce26284dcae8e255
Content-Type: text/plain;
	charset="utf-8"

I have some Linux/Unix scripts that do this rather nicely.  I'm currently
looking to see if I can copyleft them (I currently hold the copyright but am
unable to put the level of effort into them to make the commercial quality).
I'd suggest a Linux box <<grin>> to do all that work.  I'm currently working
to upgrade my edi_out script to pick up files from a Windoze FTP server (so
I can pull files off the user network) and send them to predefined
destinations (the name of the file will clue the script as to the
destination).  My ftpexec script already knows how to encrypt a file and can
pick up the appropriate key per destination.
 
My edi_in script knows how to pick up from from a web based ftp server pull
them inside a firewall and decrypt them (it is being enhanced to know how to
deliver specific files to predefined internal destinations such as Windoze
so users can pick up the decrypted file).  
 
Now, if somebody will just clue me in on what I need to do to copyleft these
things....
-----Original Message-----
From: Dinesh Achuthan [mailto:dinesh.achuthan@webaccommodate.com]
Sent: Friday, January 04, 2002 9:44 AM
To: Steve Butler; ritter, horst (EDS CH); gnupg-users@gnupg.org
Subject: How to decrypt / encrypt automatically


Hi,
 
I have Windows NT as my OS. I have set of files generated automatically
every hour and I need to FTP these files to different locations after
encrypting it. In the other end I need to decrypt all these files. 
 
I need to automate this process in both the ends such that scheduled script
gets executed to carry out these encryption and decryption processes. Since
I need to key in pass-phrase everytime I am unable to do this.
 
Can anyone help me out detailing how to do this. I am new to this field. I
am using Java to write my application. 
 
Thanks
Dinesh

-----Original Message----- 
From: Steve Butler 
Sent: Fri 1/4/2002 9:18 AM 
To: 'ritter, horst (EDS CH)'; 'gnupg-users@gnupg.org' 
Cc: 
Subject: RE: Passphrase as parameter in the command line



NOTE:  My "default" program hands back data strings based on the host name
from which it is running. 
       gpg_home returns the path to where the key rings are located.
       gpg_pass$1 returns the pass phrase identified by $1 (1st parameter on
command line)
       The 2nd and 3rd parameters on the command line are the input and
output file names (including paths)


script name: gpg_decrypt

#!/bin/ksh
homedir=$(default gpg_home)

rm -f $3 2>&1 1> /dev/null
default gpg_pass$1 \
  | gpg --homedir $homedir --passphrase-fd 0 --no-tty \
        --output $3 --decrypt $2
# end of script

Since we have two public keys (a 1024 bit one and a 2048 bit one -- we are
phasing out the 1024 bit key) we identify the pass phrases differently.  You
might prefer to have a single pass phrase and simply echo "my pass phrase"
and pipe that to gpg and use --passphrase-fd 0

Note that our options file has these additional entries that might be
appropriate for your environment:
compress-algo 1
force-v3-sigs
batch

Usage:  gpg_decrypt 2 input_file output_file


And, no, the passphrases are not in clear text.  However, a hacker could
quickly break my simple obfuscation.  But it keeps the company non-hackers
from casually gazing on them.  My personal pass phrase is not on the box.


--Steve Butler
Oracle DBA
First Choice Health Network

(And I apologize for the forced commentary the corporate email server will
apply once this message leaves my box).



-----Original Message-----
From: ritter, horst (EDS CH) [ mailto:horst.ritter-eds@eds.com
<mailto:horst.ritter-eds@eds.com> ]
Sent: Friday, January 04, 2002 8:38 AM
To: 'gnupg-users@gnupg.org'
Subject: Passphrase as parameter in the command line


Dear Linux community,

I have been looking for weeks for a solution to the following problem.

How can I give gpg the passphrase as parameter in the commandline to decrypt
files, instead to type it in after GPG's request?
I need this to automaticaly process a lot of files under UNIX, managed by
self written program.

I would be greatful for any hints, or any ideas, which may lead to a
solution.

Should you have any questions, or require further information, please do not
hesitate to contact me.

Best regards,

Horst Ritter


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
<http://lists.gnupg.org/mailman/listinfo/gnupg-users> 

CONFIDENTIALITY NOTICE:  This e-mail message, including any attachments, is
for the sole use of the intended recipient(s) and may contain confidential
and privileged information.  Any unauthorized review, use, disclosure or
distribution is prohibited.  If you are not the intended recipient, please
contact the sender by reply e-mail and destroy all copies of the original
message.


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
<http://lists.gnupg.org/mailman/listinfo/gnupg-users> 




CONFIDENTIALITY NOTICE:  This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information.  Any unauthorized review, use, disclosure or distribution is prohibited.  If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.

--=_58e210ac3a33ed8cce26284dcae8e255
Content-Type: text/html;
	charset="utf-8"

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=utf-8">
<TITLE>RE: Passphrase as parameter in the command line</TITLE>

<META content="MSHTML 5.50.4134.600" name=GENERATOR></HEAD>
<BODY dir=ltr>
<DIV><SPAN class=178304617-04012002><FONT face=Arial color=#0000ff size=2>I have 
some Linux/Unix scripts that do this rather nicely.&nbsp; I'm currently looking 
to see if I can copyleft them (I currently hold the copyright but am unable to 
put the level of effort into them to make the commercial quality).&nbsp; I'd 
suggest a Linux box &lt;&lt;grin&gt;&gt; to do all that work.&nbsp; I'm 
currently working to upgrade my edi_out script to pick up files from a Windoze 
FTP server (so I can pull files off the user network) and send them to 
predefined destinations (the name of the file will clue the script as to the 
destination).&nbsp; My ftpexec script already knows how to encrypt a file and 
can pick up the appropriate key per destination.</FONT></SPAN></DIV>
<DIV><SPAN class=178304617-04012002><FONT face=Arial color=#0000ff 
size=2></FONT></SPAN>&nbsp;</DIV>
<DIV><SPAN class=178304617-04012002><FONT face=Arial color=#0000ff size=2>My 
edi_in script knows how to pick up from from a web based ftp server pull them 
inside a firewall and decrypt them (it is being enhanced to know how to deliver 
specific files to predefined internal destinations such as Windoze so users can 
pick up the decrypted file).&nbsp; </FONT></SPAN></DIV>
<DIV><SPAN class=178304617-04012002><FONT face=Arial color=#0000ff 
size=2></FONT></SPAN>&nbsp;</DIV>
<DIV><SPAN class=178304617-04012002><FONT face=Arial color=#0000ff size=2>Now, 
if somebody will just clue me in on what I need to do to copyleft these 
things....</FONT></SPAN></DIV>
<DIV class=OutlookMessageHeader dir=ltr align=left><FONT face=Tahoma 
size=2>-----Original Message-----<BR><B>From:</B> Dinesh Achuthan 
[mailto:dinesh.achuthan@webaccommodate.com]<BR><B>Sent:</B> Friday, January 04, 
2002 9:44 AM<BR><B>To:</B> Steve Butler; ritter, horst (EDS CH); 
gnupg-users@gnupg.org<BR><B>Subject:</B> How to decrypt / encrypt 
automatically<BR><BR></FONT></DIV>
<DIV>Hi,</DIV>
<DIV>&nbsp;</DIV>
<DIV>I have Windows NT as my OS. I have set of files generated automatically 
every hour and I need to FTP these files to different locations after encrypting 
it. In the other end I need to decrypt all these files. </DIV>
<DIV>&nbsp;</DIV>
<DIV>I need to automate this process in both the ends such that scheduled script 
gets executed to carry out these encryption and decryption processes. Since I 
need to key in pass-phrase everytime I am unable to do this.</DIV>
<DIV>&nbsp;</DIV>
<DIV>Can anyone help me out detailing how to do this. I am new to this field. I 
am using Java to write my application. </DIV>
<DIV>&nbsp;</DIV>
<DIV>Thanks</DIV>
<DIV>Dinesh</DIV>
<BLOCKQUOTE dir=ltr style="MARGIN-RIGHT: 0px">
  <DIV><FONT size=2>-----Original Message----- <BR><B>From:</B> Steve Butler 
  <BR><B>Sent:</B> Fri 1/4/2002 9:18 AM <BR><B>To:</B> 'ritter, horst (EDS CH)'; 
  'gnupg-users@gnupg.org' <BR><B>Cc:</B> <BR><B>Subject:</B> RE: Passphrase as 
  parameter in the command line<BR><BR></FONT></DIV>
  <P><FONT size=2>NOTE:&nbsp; My "default" program hands back data strings based 
  on the host name<BR>from which it is 
  running.&nbsp;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; gpg_home returns the 
  path to where the key rings are 
  located.<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; gpg_pass$1 returns the pass 
  phrase identified by $1 (1st parameter on<BR>command 
  line)<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; The 2nd and 3rd parameters on 
  the command line are the input and<BR>output file names (including 
  paths)<BR><BR><BR>script name: 
  gpg_decrypt<BR><BR>#!/bin/ksh<BR>homedir=$(default gpg_home)<BR><BR>rm -f $3 
  2&gt;&amp;1 1&gt; /dev/null<BR>default gpg_pass$1 \<BR>&nbsp; | gpg --homedir 
  $homedir --passphrase-fd 0 --no-tty 
  \<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; --output $3 --decrypt $2<BR># 
  end of script<BR><BR>Since we have two public keys (a 1024 bit one and a 2048 
  bit one -- we are<BR>phasing out the 1024 bit key) we identify the pass 
  phrases differently.&nbsp; You<BR>might prefer to have a single pass phrase 
  and simply echo "my pass phrase"<BR>and pipe that to gpg and use 
  --passphrase-fd 0<BR><BR>Note that our options file has these additional 
  entries that might be<BR>appropriate for your environment:<BR>compress-algo 
  1<BR>force-v3-sigs<BR>batch<BR><BR>Usage:&nbsp; gpg_decrypt 2 input_file 
  output_file<BR><BR><BR>And, no, the passphrases are not in clear text.&nbsp; 
  However, a hacker could<BR>quickly break my simple obfuscation.&nbsp; But it 
  keeps the company non-hackers<BR>from casually gazing on them.&nbsp; My 
  personal pass phrase is not on the box.<BR><BR><BR>--Steve Butler<BR>Oracle 
  DBA<BR>First Choice Health Network<BR><BR>(And I apologize for the forced 
  commentary the corporate email server will<BR>apply once this message leaves 
  my box).<BR><BR><BR><BR>-----Original Message-----<BR>From: ritter, horst (EDS 
  CH) [<A 
  href="mailto:horst.ritter-eds@eds.com">mailto:horst.ritter-eds@eds.com</A>]<BR>Sent: 
  Friday, January 04, 2002 8:38 AM<BR>To: 'gnupg-users@gnupg.org'<BR>Subject: 
  Passphrase as parameter in the command line<BR><BR><BR>Dear Linux 
  community,<BR><BR>I have been looking for weeks for a solution to the 
  following problem.<BR><BR>How can I give gpg the passphrase as parameter in 
  the commandline to decrypt<BR>files, instead to type it in after GPG's 
  request?<BR>I need this to automaticaly process a lot of files under UNIX, 
  managed by<BR>self written program.<BR><BR>I would be greatful for any hints, 
  or any ideas, which may lead to a<BR>solution.<BR><BR>Should you have any 
  questions, or require further information, please do not<BR>hesitate to 
  contact me.<BR><BR>Best regards,<BR><BR>Horst 
  Ritter<BR><BR><BR>_______________________________________________<BR>Gnupg-users 
  mailing list<BR>Gnupg-users@gnupg.org<BR><A 
  href="http://lists.gnupg.org/mailman/listinfo/gnupg-users">http://lists.gnupg.org/mailman/listinfo/gnupg-users</A><BR><BR>CONFIDENTIALITY 
  NOTICE:&nbsp; This e-mail message, including any attachments, is for the sole 
  use of the intended recipient(s) and may contain confidential and privileged 
  information.&nbsp; Any unauthorized review, use, disclosure or distribution is 
  prohibited.&nbsp; If you are not the intended recipient, please contact the 
  sender by reply e-mail and destroy all copies of the original 
  message.<BR><BR><BR>_______________________________________________<BR>Gnupg-users 
  mailing list<BR>Gnupg-users@gnupg.org<BR><A 
  href="http://lists.gnupg.org/mailman/listinfo/gnupg-users">http://lists.gnupg.org/mailman/listinfo/gnupg-users</A><BR></FONT></P></BLOCKQUOTE></BODY></HTML>
<HTML><BODY><P><FONT color=#000000 face="Arial" size=2>CONFIDENTIALITY NOTICE:  This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information.  Any unauthorized review, use, disclosure or distribution is prohibited.  If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.<BR></FONT></BODY></HTML>
--=_58e210ac3a33ed8cce26284dcae8e255--