GPG Decrypt Error based on a timeout function?

donnellydw at gmail.com donnellydw at gmail.com
Fri Dec 18 19:25:55 CET 2020 

Angel,
  Yes, I want the script to run unattended, which the gpg process is not the right method, as you say: " you could configure the gpg password in the script, but then that would be roughly equivalent to the email account password."

  Many thanks and stay safe and healthy,
Dave
  

-----Original Message-----
From: Gnupg-users <gnupg-users-bounces at gnupg.org> On Behalf Of Ángel
Sent: Thursday, December 17, 2020 4:53 PM
To: gnupg-users at gnupg.org
Subject: Re: GPG Decrypt Error based on a timeout function?

On 2020-12-17 at 11:28 -0800, Dave via Gnupg-users wrote:
> Good Day,
>   This very novice would appreciate some help.
>  
>   My situation:
>  
> I have a Raspberry Pi 4 computer running the Raspberry Operating 
> System (Raspbian GNU/Linux [buster], Version ID=10) at my home.  I 
> need it to send me an email notification when certain functions are 
> performed.
>  
> To this end, I have configured the mail system called msmtp on the 
> Raspberry Pi 4 computer.  I can send email to my myself via my email 
> account manually and interactively using msmtp on the Raspberry Pi 4 
> computer, with the password not encrypted on the Raspberry Pi 4 
> computer.
>  (...)
> When I run the following command:
>  
> gpg --encrypt -o .msmtp-2d.ionos.gpg -r 2d at daviddonnelly.com -
>  
> I am asked for my passphrase, once entered the file is decrypted and 
> the contents displayed.  I then rerun the command:

Probably a mistake in pasting the same as before. This command wouldn't need the password for the private key. 

> msmtp -t < message.txt
>  
> and the associated e-mail is sent.
>  
> I wait a few minutes and the error repeats itself.
>  
> Is there some sort of timeout associated with gpg? Or my 
> implementation is wrong…or ?
>  	
> Also, I have noticed, at times, gpg will not accept the passphrase 
> until I reboot the Raspberry pi 4.

See gpg-agent settings. The few minutes it works, that's because gpg- agent has the decrypted gpg key cached. You would need to increase that timeout, or let the script provide the password directly to gpg / use a passwordless key. When the sending fails, it should perhaps be asking you to provide the gpg passphrase, my guess is that the way it runs ( --no-tty --batch maybe), it isn't able to launch a pinentry to ask the password to the user.

If you really want the password decryption to be unattended, you could configure the gpg password in the script, but then that would be roughly equivalent to the email account password. It's turtles all way down.

Regards



_______________________________________________
Gnupg-users mailing list
Gnupg-users at gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

More information about the Gnupg-users mailing list