problems with gnupg2 and passphrase

Werner Koch wk at gnupg.org
Mon Nov 9 15:25:16 CET 2009


On Mon,  9 Nov 2009 12:53, jmcneal at fh-eberswalde.de said:

> I'm using GnuPG 2.0.12 (GPG4Win) and have problems in decrypting multiple files with the same passphrase via command prompt. My old GnuPG Version 1.x.x command was
>
> gpg2.exe --allow-multiple-messages --passphrase geheim --decrypt-files C:\Test\*.gpg

First of all, you should not use --allow-multiple-messages:

  @item --allow-multiple-messages
  @item --no-allow-multiple-messages
  Allow processing of multiple OpenPGP messages contained in a single file
  or stream.  Some programs that call GPG are not prepared to deal with
  multiple messages being processed together, so this option defaults to
  no.  Note that versions of GPG prior to 1.4.7 always allowed multiple
  messages.  
  
  Warning: Do not use this option unless you need it as a temporary
  workaround!
  
> The command doesn't work anymore and I'm getting a popup window for
> entering my passphrase. I'm looking for a command that decrypts
> multiple files with the same passphrase without any additional "ask
> windows". I already searched the manual but didn't find any helpful

gpg2 requires the gpg-agent to handle the secret keys.  The gpg-agent
also caches passphrases, thus you need to enter them only once.  Install
gpg-agent properly so that gpg2 does not fall back to start gpg-agent
for each operation which prohibits the caching.

If you don't want a pinentry popup at all, you may seed the gpg-agent
cache with passphrases.  See gpg-preset-passphrase for more info:

  SYNOPSIS
       gpg-preset-passphrase [options] [command] keygrip

  DESCRIPTION

       The gpg-preset-passphrase is a utility to seed the internal cache
       of a running gpg-agent with passphrases.  It is mainly useful for
       unattended machines, where the usual pinentry tool may not be
       used and the passphrases for the to be used keys are given at
       machine startup.

       Passphrases set with this utility don't expire unless the
       --forget option is used to explicitly clear them from the cache
       --- or gpg-agent is either restarted or reloaded (by sending a
       SIGHUP to it).  It is necessary to allow this passphrase
       presetting by starting gpg-agent with the
       --allow-preset-passphrase.

       gpg-preset-passphrase is invoked this way:

         gpg-preset-passphrase [options] [command] keygrip

       keygrip is a 40 character string of hexadecimal characters
       identifying the key for which the passphrase should be set or
       cleared.  This keygrip is listed along with the key when running
       the command: gpgsm --dump-secret-keys. One of the following
       command options must be given:

       --preset

              Preset a passphrase.  This is what you usually will
              use. gpg-preset-passphrase will then read the passphrase
              from stdin.

       [...]



Shalom-Salam,

   Werner



-- 
Thoughts are free.  Exceptions are regulated by a federal law.
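
An added example, not part of the message above and not GnuPG's own code: a POSIX sh script that seeds the agent cache through gpg-preset-passphrase on stdin, decrypts a batch of files without a pinentry popup, and clears the cache afterwards. It assumes gpg-agent is already running with --allow-preset-passphrase and that `gpgconf --list-dirs libexecdir` reports where the helper is installed; the function names and the PRESET_TOOL override are hypothetical.

```shell
#!/bin/sh
# Added example. Assumes gpg-agent is already running with
# --allow-preset-passphrase. Function names and PRESET_TOOL are hypothetical.

# gpg-preset-passphrase usually lives in GnuPG's libexec directory, not on PATH.
preset_tool() {
    if [ -n "${PRESET_TOOL:-}" ]; then
        printf '%s\n' "$PRESET_TOOL"
    else
        printf '%s/gpg-preset-passphrase\n' "$(gpgconf --list-dirs libexecdir)"
    fi
}

# A keygrip is exactly 40 hexadecimal characters.
is_keygrip() {
    case "$1" in *[!0-9A-Fa-f]*) return 1 ;; esac
    [ "${#1}" -eq 40 ]
}

# Prompt without echo and pass the passphrase on stdin, so it never shows up
# in a process listing the way "--passphrase geheim" on the command line does.
preset_from_tty() {
    is_keygrip "$1" || { echo "not a keygrip: $1" >&2; return 2; }
    printf 'Passphrase: ' >&2
    trap 'stty echo; exit 130' INT TERM   # restore echo if interrupted
    stty -echo
    IFS= read -r pass
    stty echo
    trap - INT TERM
    echo >&2
    printf '%s\n' "$pass" | "$(preset_tool)" --preset "$1"
    status=$?
    unset pass
    return "$status"
}

# Usage: decrypt_all KEYGRIP FILE.gpg...
decrypt_all() {
    keygrip=$1; shift
    preset_from_tty "$keygrip" || return
    rc=0
    for f in "$@"; do
        gpg2 --batch --output "${f%.gpg}" --decrypt "$f" || rc=1
    done
    # Drop the cached passphrase once the batch is finished.
    "$(preset_tool)" --forget "$keygrip" || rc=1
    return "$rc"
}

if [ "$#" -ge 2 ]; then decrypt_all "$@"; fi
```

The keygrip to pass is the one belonging to the secret key that decrypts the files.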