batch decryption key identification
John A. Wallace
jw72253 at verizon.net
Tue Nov 1 03:20:24 CET 2011
Hello. On this website
(http://www.gnupg.org/faq/GnuPG-FAQ.html#how-can-i-get-list-of-key-ids-used-to-encrypt-a-message)
I found this FAQ and answer:
Question: How can I get list of key IDs used to encrypt a message?
$ gpg --batch --decrypt --list-only --status-fd 1 2>/dev/null | \
awk '/^\[GNUPG:\] ENC_TO / { print $3 }'
As it relates in part to my original question below, I want to ask about
this in more detail. Knowing which particular key was used for encryption
would allow me to pinpoint which of the several keys on a key-ring to use
for decryption and would help save much time and effort in the process when
looking at a batch of messages.
I am not a programmer, but I can see that the above command uses the program
'awk' to identify the key used; and I understand that the Gnu program 'gawk'
has equivalent functionality. I have two questions about it. First, using
the above command, whereabouts should I put the "path/filenames.asc" in it
for the command to analyze for decryption, and should I put any other
unlisted parameters in the command for it to complete? I tried testing it
like this:
gpg --batch --decrypt <filename.asc> --list-only --status-fd 1
But I saw nothing output on the screen related to the key used on the file.
The 'filename.asc' tested was just an individual encrypted file, but I later
intend to use this on a batch of files named such as 'path/*.asc'.
Secondly, are the 'gawk' program commands equivalent to the above listed awk
commands, or will I need to alter it in some way? Thanks.
John
-----Original Message-----
From: gnupg-users-bounces at gnupg.org [mailto:gnupg-users-bounces at gnupg.org]
On Behalf Of gnupg-users-request at gnupg.org
Sent: Tuesday, October 11, 2011 2:58 AM
To: gnupg-users at gnupg.org
Subject: Gnupg-users Digest, Vol 97, Issue 9
[snip]
Message: 8
Date: Tue, 11 Oct 2011 09:35:30 +0200
From: Werner Koch <wk at gnupg.org>
To: "John A. Wallace" <jw72253 at verizon.net>
Cc: gnupg-users at gnupg.org
Subject: Re: key selection in batch decryptions
Message-ID: <87sjn07zgd.fsf at vigenere.g10code.de>
Content-Type: text/plain; charset=us-ascii
On Mon, 10 Oct 2011 23:18, jw72253 at verizon.net said:
> keys in turn. Is there a way to tell gpg to use just one of the keys if
> any? I have tried specifying this as one of the options "-u userID", but it
No there is no way to do this.
The best suggestion for all automated systems is not to use a
passphrase. If you really want a passphrase and you require full
control over it you have three choices:
- Write your own pinentry and send CANCEL back until the desired
passphrase is requested. Then send the right passphrase.
- Write a simple pinentry to always send a CANCEL back (GnuPG 2.1 will
have an option to emulate this). Then use gpg-preset-passphrase to
seed gpg-agent with the desired passphrase.
- Use --status-fd/--command-fd. These options allow you to
pass a passphrase to gpg entirely under script control. They work
even with GnuPG 1.4.
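
As an added example (not part of the original message or of the GnuPG FAQ), the FAQ command can be wrapped so that each file name is passed to gpg as its last argument and a batch such as path/*.asc is handled in one run. The function names and the sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which key IDs each encrypted file is addressed to.

# Read GnuPG --status-fd output on stdin and print the key ID of every
# ENC_TO line. Format: [GNUPG:] ENC_TO <long keyid> <pubkey algo> <key length>
# The awk program is plain POSIX awk, so gawk runs it unchanged.
enc_to_ids() {
    awk '$1 == "[GNUPG:]" && $2 == "ENC_TO" { print $3 }'
}

# Print "file<TAB>keyid" for every recipient key of every file given.
# --list-only makes gpg stop before decrypting, so no passphrase is requested.
# A recipient hidden with --throw-keyids is reported as 0000000000000000.
list_recipients() {
    for f in "$@"; do
        [ -f "$f" ] || { printf '%s\t(not a file)\n' "$f" >&2; continue; }
        ids=$(gpg --batch --decrypt --list-only --status-fd 1 -- "$f" \
                  2>/dev/null | enc_to_ids)
        if [ -z "$ids" ]; then
            printf '%s\t(no ENC_TO reported)\n' "$f"
        else
            for id in $ids; do printf '%s\t%s\n' "$f" "$id"; done
        fi
    done
}

# Constructed status output for a message encrypted to two keys,
# one of which has no secret key on the local key-ring.
sample_status() {
    cat <<'EOF'
[GNUPG:] ENC_TO 1111222233334444 1 0
[GNUPG:] ENC_TO AAAABBBBCCCCDDDD 16 0
[GNUPG:] NO_SECKEY AAAABBBBCCCCDDDD
EOF
}

# When saved as a script: sh list-recipients.sh path/*.asc
if [ "$#" -gt 0 ]; then
    list_recipients "$@"
fi
```

The key IDs printed can be compared against the output of `gpg --list-secret-keys --keyid-format long` to see which secret key on the key-ring each file needs.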