I'm trying to script a gpg decryption, and as such need to provide the password on the command line. According to the man page, there are three ways to do this: read from a file using --passphrase-file
, read from stdin (or another file descriptor) using --passphrase-fd 0
, or include in the command line using just --passphrase
. All of the above also require --batch
to be set, which I did.
My most recent command line attempt is:
echo "<password>" | gpg2 --no-tty --batch --passphrase-fd 0 -d -o /<path_to_destination>/$FILE_NAME $FILE
which still pops up a dialog asking for the password. What am I missing here? For reference, if it makes a difference, my password does include some special characters like &
, but it doesn't appear to complain about that. Also, gpg version is 2.1.9:
# gpg2 --version
gpg (GnuPG) 2.1.9
libgcrypt 1.7.1
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
EDIT: Unlike How to force GPG to use console-mode pinentry to prompt for passwords?, which is simply trying to get a text-based password entry for use in a SSH session, I'm trying to get a completely non-interactive method of using GPG for use in scripting.
Best Answer
I found the solution here: https://wiki.archlinux.org/index.php/GnuPG#Unattended_passphrase
In a nutshell, I needed to first enable the pinentry "loopback" mode in the gpg-agent by adding the following line to the
~/.gnupg/gpg-agent.conf
file:Then adding the
--pinentry-mode loopback
argument to mygpg2
call