Home » gpg asks for password even with –passphrase

gpg asks for password even with –passphrase

Solutons:


I am in your exact same boat (it worked on Fedora but not Ubuntu). Here is an apparent work around I discovered:

echo your_password | gpg --batch --yes --passphrase-fd 0 your_file.gpg

Explanation: Passing 0 causes --passphrase-fd to read from STDIN rather than from a file. So, piping the passphrase will get --passphrase-fd to accept your specified password string.

Upgraded 2017-12-04. (Adding –batch in order to prevent passphrase prompt)

You may have to add --batch option:

And. is you use recipient key pair you may have to add --pinentry-mode loopback too.

From version 2 of GPG, the option --batch is needed to ensure no prompt…
Ok, looking that:

$ gpg --version
gpg (GnuPG) 2.1.18
libgcrypt 1.7.6-beta
Copyright (C) 2017 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /home/user /.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

Trying:

$ newdir=$(mktemp -d)
$ cd $newdir
$ seq 1 10 | gpg -c --batch --passphrase 1234 -o file.gpg -
$ ls -ltr
total 4
-rw-r--r-- 1 user  user  91 Dec  4 15:42 file.gpg
$ hd file.gpg 
00000000  8c 0d 04 07 03 02 ea fa  d0 d3 2b 9a ea 06 df d2  |..........+.....|
00000010  4a 01 ed 50 74 ff 27 45  0e 6c 94 74 db e9 8a a5  |J..Pt.'E.l.t....|
00000020  03 9f 67 a0 73 97 e9 15  6b 56 a0 f0 88 71 85 a8  |..g.s...kV...q..|
00000030  dc 41 71 9f fa 3b f9 9d  af ac 80 eb f4 f7 28 19  |.Aq..;........(.|
00000040  9f be 75 47 e6 d8 00 3e  f6 60 f1 00 5e 63 57 ef  |..uG...>.`..^cW.|
00000050  14 c3 4b 20 ff 94 03 03  c1 fc 98                 |..K .......|
0000005b

sound good! Well, now:

$ gpg -d --batch --passphrase 1234 file.gpg
gpg: AES encrypted data
gpg: encrypted with 1 passphrase
1
2
3
4
5
6
7
8
9
10

While no -d parameter is given (same syntaxe as SO’s question), decrypted datas from file.gpg will be extracted to a new file.

$ gpg --batch --passphrase 1234 file.gpg
gpg: WARNING: no command supplied.  Trying to guess what you mean ...
gpg: AES encrypted data
gpg: encrypted with 1 passphrase

$ ls -ltr
total 8
-rw-r--r-- 1 user  user  91 Dec  4 15:42 file.gpg
-rw-r--r-- 1 user  user  21 Dec  4 15:44 file

$ cat file
1
2
3
4
5
6
7
8
9
10

This work well!

$ cd -
$ rm -fR $newdir
$ unset newdir

For recipient keyfile:

First clean tempo creation

newdir=$(mktemp -d)
cd $newdir
export GNUPGHOME=$newdir
echo YourPassword >password.txt
gpgconf --kill gpg-agent  # Required, if agent_genkey fail...
gpg --generate-key --batch <<eoGpgConf
    %echo Started!
    Key-Type: default
    Key-Length: default
    Subkey-Type: default
    Name-Real: Full Name There
    Name-Comment: Something funny
    Name-Email: user@example.com
    Expire-Date: 0
    Passphrase: $(<password.txt)
    %commit
    %echo Done.
eoGpgConf

gpg: keybox '/tmp/tmp.xU5Ldyr4iB/pubring.kbx' created
gpg: Started!
gpg: agent_genkey failed: No such file or directory
gpg: key generation failed: No such file or directory
gpg: Done.

Hmm.

gpgconf --kill gpg-agent
    gpg --generate-key --batch <<eoGpgConf
    %echo Started!
    ...
eoGpgConf
gpg: Started!
gpg: key 43E6B96CAFABDEDF marked as ultimately trusted
gpg: directory '/tmp/tmp.xU5Ldyr4iB/openpgp-revocs.d' created
gpg: revocation certificate stored as '/tmp/tmp.xU5Ldyr4iB/openpgp-revocs.d/DF223E1612CF917DC3BD42AA43E6B96CAFABDEDF.rev'
gpg: Done.

Then now

gpg -k
/tmp/tmp.xU5Ldyr4iB/pubring.kbx
-------------------------------
pub   rsa3072 2020-06-19 [SC]
      DF223E1612CF917DC3BD42AA43E6B96CAFABDEDF
uid           [ultimate] Full Name There (Something funny) <user@example.com>
sub   rsa3072 2020-06-19 [E]

Then last 8char from pub fingerprint could be used as key alias.

gpg -k user@example.com| sed -e '/^pub/{N;s/.*(.{16})/1/;p;s/^.{8}//;q};d' 
43E6B96CAFABDEDF
AFABDEDF

Ok, now!

seq -f %'8g 990 5 1015 |
    gpg --batch --armor --recipient AFABDEDF --encrypt --output file.gpg

or

seq -f %'8g 990 5 1015 | gpg --batch -aer 43E6B96CAFABDEDF -o file.gpg 

Will give:

cat file.gpg
-----BEGIN PGP MESSAGE-----

hQEOA5BNpEVKPGsfEAP/XutJp7ME3I1MqG0vZyIS8w+npPQMPicIpQUwM4OVO1rX
2lhrymp0zGqxAH7s9Dh9YJNRA/9zYCO4/vghtnnl/zg10vILs9btgLXY+aupgoQ9
nifnVC8JJ1DC+hZZrIHyzS73BsjufWhpbwURYc7EgIMGKu2TRiy5I8+0aZ4zAtID
/ApL0sTBQ9hqmIatzaYbX9ajmDf1vvtE2/s3MUFA/hIqew2MVMhlb4RjyT7ix03P
LmCH2Mfy88VGr59eSUoZq+CPMDSZpXxbE2LfyPHYsObraO+a6FdVHhj2xcw/tnDO
TcNHTKnTRJSb9sfLAtJmE9eaxebkl27T+UvqyJUG4dgu0lABadboNaEidlrCYLNi
icR19UX0G7E50+i3iKvw0u81YtciYyOnpHvgazb5QbqJNN5P8izC4J3FqW7HaTDI
xnf+8IaX2Vqrq5+k4qLR7h5Vcw==
=1fb5
-----END PGP MESSAGE-----

Then

gpg --decrypt --pinentry-mode loopback --passphrase-file password.txt --batch file.gpg

or

gpg -d --pinentry-mode loopback --passphrase-file password.txt --batch file.gpg

will render:

gpg: encrypted with 3072-bit RSA key, ID 58020687E0746339, created 2020-06-19
      "Full Name There (Something funny) <user@example.com>"
     990
     995
   1'000
   1'005
   1'010
   1'015

For gpg version 2.x you don’t need to use --batch, just

--pinentry-mode loopback  

works with --passphrase & --passphrase-file, and will let you enter new info, in case of filename conflicts for example:

gpg --pinentry-mode loopback --passphrase-file=file encrypted.gpg

...
File 'encrypted' exists. Overwrite? (y/N)n
Enter new filename: f2

unlike --batch that will quickly fail, saying ...failed: File exists

(tested on Debian Stable/Stretch’s gpg 2.1.18. This behaviour of ignoring important --passphrase options really should be a bug, if it isn’t already)

Related Solutions

Joining bash arguments into single string with spaces

[*] I believe that this does what you want. It will put all the arguments in one string, separated by spaces, with single quotes around all: str="'$*'" $* produces all the scripts arguments separated by the first character of $IFS which, by default, is a space....

AddTransient, AddScoped and AddSingleton Services Differences

TL;DR Transient objects are always different; a new instance is provided to every controller and every service. Scoped objects are the same within a request, but different across different requests. Singleton objects are the same for every object and every...

How to download package not install it with apt-get command?

Use --download-only: sudo apt-get install --download-only pppoe This will download pppoe and any dependencies you need, and place them in /var/cache/apt/archives. That way a subsequent apt-get install pppoe will be able to complete without any extra downloads....

What defines the maximum size for a command single argument?

Answers Definitely not a bug. The parameter which defines the maximum size for one argument is MAX_ARG_STRLEN. There is no documentation for this parameter other than the comments in binfmts.h: /* * These are the maximum length and maximum number of strings...

Bulk rename, change prefix

I'd say the simplest it to just use the rename command which is common on many Linux distributions. There are two common versions of this command so check its man page to find which one you have: ## rename from Perl (common in Debian systems -- Ubuntu, Mint,...

Output from ls has newlines but displays on a single line. Why?

When you pipe the output, ls acts differently. This fact is hidden away in the info documentation: If standard output is a terminal, the output is in columns (sorted vertically) and control characters are output as question marks; otherwise, the output is...

mv: Move file only if destination does not exist

mv -vn file1 file2. This command will do what you want. You can skip -v if you want. -v makes it verbose - mv will tell you that it moved file if it moves it(useful, since there is possibility that file will not be moved) -n moves only if file2 does not exist....

Is it possible to store and query JSON in SQLite?

SQLite 3.9 introduced a new extension (JSON1) that allows you to easily work with JSON data . Also, it introduced support for indexes on expressions, which (in my understanding) should allow you to define indexes on your JSON data as well. PostgreSQL has some...

Combining tail && journalctl

You could use: journalctl -u service-name -f -f, --follow Show only the most recent journal entries, and continuously print new entries as they are appended to the journal. Here I've added "service-name" to distinguish this answer from others; you substitute...

how can shellshock be exploited over SSH?

One example where this can be exploited is on servers with an authorized_keys forced command. When adding an entry to ~/.ssh/authorized_keys, you can prefix the line with command="foo" to force foo to be run any time that ssh public key is used. With this...

Why doesn’t the tilde (~) expand inside double quotes?

The reason, because inside double quotes, tilde ~ has no special meaning, it's treated as literal. POSIX defines Double-Quotes as: Enclosing characters in double-quotes ( "" ) shall preserve the literal value of all characters within the double-quotes, with the...

What is GNU Info for?

GNU Info was designed to offer documentation that was comprehensive, hyperlinked, and possible to output to multiple formats. Man pages were available, and they were great at providing printed output. However, they were designed such that each man page had a...

Set systemd service to execute after fstab mount

a CIFS network location is mounted via /etc/fstab to /mnt/ on boot-up. No, it is not. Get this right, and the rest falls into place naturally. The mount is handled by a (generated) systemd mount unit that will be named something like mnt-wibble.mount. You can...

Merge two video clips into one, placing them next to each other

To be honest, using the accepted answer resulted in a lot of dropped frames for me. However, using the hstack filter_complex produced perfectly fluid output: ffmpeg -i left.mp4 -i right.mp4 -filter_complex hstack output.mp4 ffmpeg -i input1.mp4 -i input2.mp4...

How portable are /dev/stdin, /dev/stdout and /dev/stderr?

It's been available on Linux back into its prehistory. It is not POSIX, although many actual shells (including AT&T ksh and bash) will simulate it if it's not present in the OS; note that this simulation only works at the shell level (i.e. redirection or...

How can I increase the number of inodes in an ext4 filesystem?

It seems that you have a lot more files than normal expectation. I don't know whether there is a solution to change the inode table size dynamically. I'm afraid that you need to back-up your data, and create new filesystem, and restore your data. To create new...

Why doesn’t cp have a progress bar like wget?

The tradition in unix tools is to display messages only if something goes wrong. I think this is both for design and practical reasons. The design is intended to make it obvious when something goes wrong: you get an error message, and it's not drowned in...