Command-Line GPG – Encrypt with Key Passed as CLI Argument

command line, encryption, gpg

I want to create a script that would automatically encrypt and push to GitHub into a public repo some sensible files I don't want to expose (but do want to keep together with the whole project).

As a solution I decided to encrypt them with GPG. The issue is that I can't find any clues on how to encrypt a particular file with a passphrase passed as a CLI argument to a gpg -c command.

Does anybody know how to do this?

Best Answer

Use one of the --passphrase-... options, in batch mode:

  • --passphrase-fd reads the passphrase from the given file descriptor

      echo mysuperpassphrase | gpg --batch -c --passphrase-fd 0 file
    
  • --passphrase-file reads the passphrase from the given file

      echo mysuperpassphrase > passphrase
      gpg --batch -c --passphrase-file passphrase file
    
  • --passphrase uses the given string

      gpg --batch -c --passphrase mysuperpassphrase file
    

These will all encrypt file (into file.gpg) using mysuperpassphrase.

With GPG 2.1 or later, you also need to set the PIN entry mode to “loopback”:

    gpg --batch -c --pinentry-mode loopback --passphrase-file passphrase file

etc.

Decryption can be performed in a similar fashion, using -d instead of -c, and redirecting the output:

    gpg --batch -d --passphrase-file passphrase file.gpg > file

etc.
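
Added example, not part of the original answer: a wrapper around the --passphrase-fd form for use in a script, since --passphrase puts the secret in the process argument list, where other local users can see it. The function names and the rule that the passphrase file must not be accessible by group or others are assumptions of this example.

```shell
#!/bin/sh
# Added example: symmetric gpg encryption with the passphrase kept out of argv.
# Function names and the permission policy are assumptions of this example.

# Refuse a passphrase file that is missing or accessible by group/others.
check_passfile() {
    [ -f "$1" ] || { echo "no passphrase file: $1" >&2; return 1; }
    perms=$(ls -lLd "$1" | cut -c5-10)      # group+other bits, e.g. "------"
    [ "$perms" = "------" ] || {
        echo "refusing $1: accessible by group/others (chmod 600)" >&2
        return 1
    }
}

# Emit the loopback option only for GnuPG 2.1 or later; older releases
# (1.x, 2.0) do not have it.
gpg_loopback_opt() {
    ver=$(gpg --version | sed -n '1s/.* \([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    case "$ver" in
        1.*|2.0) ;;
        *) printf '%s' '--pinentry-mode loopback' ;;
    esac
}

# encrypt_file PASSFILE INFILE   -> writes INFILE.gpg
encrypt_file() {
    check_passfile "$1" || return 1
    # fd 3 carries the passphrase, so stdin stays free and ps shows no secret.
    # shellcheck disable=SC2046  (word splitting of the option is intended)
    gpg --batch --yes $(gpg_loopback_opt) --passphrase-fd 3 \
        -o "$2.gpg" -c "$2" 3<"$1"
}

# decrypt_file PASSFILE INFILE.gpg OUTFILE
decrypt_file() {
    check_passfile "$1" || return 1
    # shellcheck disable=SC2046
    gpg --batch --yes $(gpg_loopback_opt) --passphrase-fd 3 \
        -o "$3" -d "$2" 3<"$1"
}
```

Create the passphrase file under `umask 077` so it is never group- or world-readable, and keep it out of the repository (for example through .gitignore).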
