Automating Decryption using gpg --batch --passphrase-file or gpg --batch --passphrase-fd 0

John Clizbe John at Mozilla-Enigmail.org
Thu Jun 5 06:35:06 CEST 2008


guk guk wrote:
> I tried to automate decryption of pgp files by running this command line in
> windows xp
> gpg --batch --passphrase-fd 0 < passphrase.txt --output "OUTPUT.CSV"
> --decrypt "OUTPUT.CSV.pgp"
> or
> gpg --batch  --passphrase-file passphrase.txt --output "OUTPUT.CSV"
> --decrypt "OUTPUT.CSV.pgp"

The general form is

gpg --batch --passphrase-file <passFile> --output <outputFile> --decrypt <pgpFile>

The first is wrong

    gpg --batch --passphrase-fd 0 --output <> --decrypt <> < <passfileName>

The second looks correct, the quotes around the filenames are generally unneeded
on Win32, but shouldn't break things.

> but it's always failed. It always throw an error
> gpg: encrypted with 2048-bit RSA key, ID , created 2008-05-08
> gpg: public key decryption failed: bad passphrase

The bad passphrase error points to your passphrase file being at fault. Check
that your passphrase file is the same exact length as the passphrase.

Use DIR at a command prompt or any program that will do a hex dump for you.

A <CR><LF> (hex 0x0d0a) at the end of the passphrase in the file will cause the
passphrase to fail. <LF> (0x0a) alone seems to work as well as no line ending at
all.

notepad can be used to create the file without line endings.

These problems go away by removing the passphrase from the key. And remove the
charade that things are all that secure when the passphrase is in a file
readable by anyone with enough access.

-- 
John P. Clizbe                      Inet:   John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. PGP/GPG KeyID: 0x608D2A10/0x18BB373A
"what's the key to success?"        / "two words: good decisions."
"what's the key to good decisions?" /  "one word: experience."
"how do i get experience?"          / "two words: bad decisions."

"Just how do the residents of Haiku, Hawai'i hold conversations?"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 677 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20080604/94f1be12/attachment.pgp>


More information about the Gnupg-users mailing list