Need help doing gpg encryption without prompting for passphrase

Brad Blake BBlake at celgene.com
Mon Sep 27 22:41:49 CEST 2010


Hi all,

I could REALLY use some assistance - I need to encrypt a file with gpg (my server is on version 1.2.6), I need to encrypt it with the public key from our client, and sign it with our private PGP key. I've got this all working (I imported their public key, and sent them our key), so I can run a command like this from the command line to encrypt the file:

gpg --armor --output encrypted_file.gpg --recipient "pgpadmin at ourclient.com" --local-user "myusername at mycompany.com" --sign --encrypt file_to_encrypt.txt

This works fine (and our client is able to decrypt), but it is prompting for my passphrase each time.  We want to set this up to run as an automated process via a script, without prompting for a passphrase.  So I was trying to follow the instructions here:  http://www.gnupg.org/faq.html#q4.14

Here are the steps I just ran:

1. I ran the command "gpg --edit-key myusername at mycompany.com", then specified "addkey", selected the DSA key type.  It prompted me for my passphrase, and ran successfully, so I saved and quit.

2. I ran the command "gpg --export-secret-subkeys --no-sk-comments > secring.auto", which generated the secring.auto file, which I assume I need to email to the client to import on their side?  (When I tried to run it just like in step 3 on the website, I got errors, and I'm not sure if I need to follow steps 4-7?)

3. Now to try and encrypt without a passphrase, I tried this command (same command as above, just added the flag "--batch"):

a. gpg --batch --armor --output encrypted_file.gpg --recipient "pgpadmin at ourclient.com" --local-user "myusername at mycompany.com" --sign --encrypt file_to_encrypt.txt

b. And I am seeing this error:

$ gpg --batch --armor --output encrypted_file.gpg --recipient "pgpadmin at ourclient.com" --local-user "myusername at mycompany.com" --sign --encrypt file_to_encrypt.txt
gpg: can't query password in batchmode
gpg: skipped `myusername at mycompany.com': bad passphrase
gpg: file_to_encrypt.txt: sign+encrypt failed: bad passphrase

Are you able to help me with this?  I appreciate any assistance you can offer, thanks!!!  Am I just missing something simple?  Am I better off to delete and recreate the keys?

Thank you,
Brad Blake



