/dev/tty problem and other questions

Rudolf Deilmann rudolf.deilmann at gmail.com
Tue Feb 19 16:19:02 CET 2008

Am Tue, 19 Feb 2008 13:00:51 +0100
schrieb Christoph Anton Mitterer
<christoph.anton.mitterer at physik.uni-muenchen.de>:

> 1) When using a basic test-keyscript like
> #!/bin/sh
> gpg --decrypt "$1"
> and I boot from the initramfs I'll get the following error:
> gpg:cannot open /dev/tty: No such device or address.
> and gpg doesn't offer a prompt to enter the passphares
> Of course I've googled around but I found no practical solution.
> The --no-tty --pasphrase-fd 0 is not a solution as it will print the
> password in cleartext.
> read -s only available in bash but not sh.
> Any ideas here?

a) copy stty to your initial ramdisk 
stty_orig=`stty -g </dev/console`
echo "Enter password for ...."
stty -echo </dev/console
read PASS </dev/console
stty $stty_orig </dev/console
echo "$PASS" | gpg -d --passphrase-fd 0 ....

b) copy bash to your initial ramdisk 

c) usplash_write  (if avaiable)
usplash_write "INPUTQUIET Enter password for ..."
PASS="$(cat /dev/.initramfs/usplash_outfifo)"
echo "$PASS" | gpg -d --passphrase-fd 0 ....

> 4) As I cannot check the return value of gpg if the decryption
> succeeded (the output from the keyscript is piped to cryptsetup) I
> must have other means to check whether the decryption was successful.

Do it in two steps?
CRYPTSETUP_PASS=$(echo "$PASS" | gpg -d --passphrase-fd 0 ...)
if [ "$?" -eq "0" ]; then
  echo "$CRYPTSETUP_PASS" | cryptsetup ......

More information about the Gnupg-users mailing list