I want to encrypt an xml file and I am using gpg4win (kleopatra).
Using the kleopatra interface I set an option to produce files with extension pgp instead of gpg which is the default extension.
I am trying to create a pgp file from command line using the command
gpg -r test#test.gr -se C:\temp\myfile.xml
because I need to submit it in a web app that accepts pgp only.
I have tried to put some other options in the command but I always get a gpg file. How can I produce a pgp file from command line?
This may not be the same process as others, but this worked for me:
gpg --batch --yes --recipient "user" --output "fulldirectory\filename.txt.pgp" --encrypt "fulldirectory\filename.txt"
GnuPG syntax for encryption is stated here. You can simply use the --output [filename].[suffix] parameter.
So go with gpg --encrypt C:\temp\myfile.xml --recipient test#test.gr --output C:\temp\myfile.pgp.
Please note that .pgp is actually the suffix for a key not an encrypted file. See here.
Related
Am trying to decrypt an encrypted file, I have all the keys in place (secret and public), I don't know why its not generating output file. Following are the commands am running. I know there are several post already there but I cant refer them until and unless any error flashes on my command prompt.
gpg --list-secret-keys
Its listing secret keys
gpg --list-keys
Its listing all keys
gpg --import "c:\folder_location\name_PublicKey.gpg"
successfully imported keys
gpg --batch --yes --passphrase my_passphrase --local-user "mycomp name
" -o "c:\folder_location\filenameTEST.txt" -d
"c:\folder_location\ENCRYPTEDFILE.txt.gpg"
Am not able to decrypt file on command line, There is no error reported on command prompt. Command remains Active all the time, needed force close.
Anything am missing here to check? any suggestions?
There was no issue with my command, actual problem was CR and LF control characters (new line). When I removed those characters, decryption worked without any errors! GPG never detected these characters and statement got parsed without any error, and later command froze without any error/output.
I've decrypted a file successfully using:
gpg --encrypt --recipient user#company.com myfile.txt
If I run the command below, I'm prompted for a passphrase, and decryption works:
gpg --output decrypted_myfile.txt -decrypt myfile.txt.gpg
I can't seem to get any form of non-interactive decryption working. The closest I've come is:
gpg --decrypt --batch --passphrase MYPASSPHRASE myfile.txt.gpg
This gives me:
gpg: encrypted with 2048-bit RSA key, ID F6CF3C25, created 2016-03-17
"Company_20210316 (Incoming Files) <user#company.com>"
gpg: public key decryption failed: Bad passphrase
gpg: decryption failed: No secret key
Is there a different way to do it?
Having error like:
gpg: decryption failed: No secret key
simply means that you don't have a private or secret key in your gpg keyring. You may want to check first if:
gpg --list-secret-keys if it has a private key there and if not,
Import it and then trust it.
To trust, use:
gpg --key-edit <yourKey> then "trust" then "5" then "quit"
To get your keyID run:
gpg --edit-key <yourKey> then
On the first line you'll see: "Private key available"
Then two sub-keys on the left of the fist, you'll see similar to:
sec rsa2048/E7E43C5C844E2917
and the part on a right after slash - will be your
E7E43C5C844E2917
So to explicitly export from where it was generated, the key to a file, you need to use that like this:
gpg --export-secret-keys --armor E7E43C5C844E2917>yourSecretKey.asc
This will create a secret key in a file ONLY, unlike if you use keyname in the export call. Then it will contain more than that.
Then to import use:
gpg --import yourSecretKey.asc
Then check your key in the list updated. Add a trust if needed.
Then line to decrypt copied from terminal of my MAC and tested works, w/ no prompt:
gpg --batch --passphrase MyPassphrase -o test.tt7 -d CE.txt.gpg
NOTE that: -d is the same as --decrypt and
-o the same as --output
And the value of the passphrase is the actual value I used in my test to decrypt the above and not the variable. The same created during the time key generated, and actual recommendation is to use a longer set of characters but actually any number is accepted.
Having error like: gpg: decryption failed: No secret key simply means that you don't have a private or secret key in your gpg keyring. You may want to check first if gpg -k (same as gpg --list-keys) has a private key there and import it and then trust it,
To add trust, use "1 to 5":
gpg --key-edit <yourKey>
then trust then 5 then `quit
To get your keyID run:
gpg --edit-key <yourKey>
then first line you'll see: Private key available
then two sub-keys on the left of the fist you'll see
sec rsa2048/E7E43C5C844E2917
and the part on a right after slash - will be your <keyID> E7E43C5C844E2917
so, to explicitly export from where it was generated, the key to a file you need to use that like:
gpg --export-secret-keys --armor E7E43C5C844E2917>yourSecretKey.asc
this will create secret key in a file ONLY, unlike if you use keyname in the export call then it will contain more than that.
Then to import use:
gpg --import E7E43C5C844E2917
then check your key in the list updated. Add trust if needed.
Then line to decrypt copied from terminal of my MAC and tested works, w/ no prompt:
gpg --batch --passphrase MyPassphrase -o test.tt7 -d CE.txt.gpg
NOTE that: -d is the same as --decrypt just like -o is the same as --output
You can try this command:
gpg --output File.txt --batch--passphrase-fd YourPassword --decrypt file.pgp
I would like to encrypt a string without writing it to a file.
The way to encrypt a file using GPG is
gpg --encrypt --sign --armor -r <target#email.com> -r <sender#email.com> <filename.txt>
What I want would like is to be able to simply type in a string or a series of numbers where filename.txt is, and have it encrypt that into a file.
gpg --encrypt --sign --armor -r <target#email.com> -r <sender#email.com> <"this is a string that needs to be encrypted">
Is there a way to do this, or is passing in the filename.txt required?
I'm not aware of any option that allows you to pass input as a parameter, but you can simply use a pipe instead:
echo 'foo bar' | gpg -r target#example.com --encrypt
You can of course add all the additional options and commands you used. By using a pipe, the output is not stored as an intermediate file, but echos stdout and gpgs stdin get connected using a small in-memory buffer.
If you are using bash, you can use the HEREDOC syntax, which is useful for multiline strings. You can just copy and paste the multiline string without having to worry about escaping.
gpg -r target#email.com --encrypt -o out.gpg << 'HEREDOC'
first line
second line
HEREDOC
I am extracting data to .psv files through a script. These .psv files have to be encrypted and SFTPed to antoher server location. But the extracted psv files are not getting encrypted. It is throwing the following error:
gpg: Invalid option "--trust-model"
I am using the following command
gpg -r 'abc#def.com' --encrypt --trust-model always $File_Name
Please help.
Thanks.
I've never seen the --trust-model always option myself, but I think you need to specify the file name last (or at least following the --encrypt option). So, try this:
gpg -r 'abc#def.com' --trust-model always --encrypt $File_Name
I have seen, but never personally used the --always-trust option, so here's another thing you can try:
gpg -r 'abc#def.com' --always-trust --encrypt $File_Name
I always add "trust" to every key I add to my ring so I'm not familiar with either of these options.
If I run gpg to sign and encrypt a file from the command line, it works. I have an application that tries the same and I get the following error. The application has worked signing and encrypting before, so I do not think that it is a permission issue. Any ideas?
Running on windows. GnuPG 1.4.2.2
gpg: keyblock resource C:/Program Files/GNU/GnuPG" --output D:/WEA/ACH/milw472b.gpg --yes --batch --armor --recipient JPMC_ECS_PROD_2015 --default-key wea#weatrust.com --passphrase-fd 0 --no-verbose --sign --encrypt D:/WEA/ACH/ACH \secring.gpg': file open error
gpg: keyblock resourceC:/Program Files/GNU/GnuPG" --output D:/WEA/ACH/milw472b.gpg --yes --batch --armor --recipient JPMC_ECS_PROD_2015 --default-key wea#weatrust.com --passphrase-fd 0 --no-verbose --sign --encrypt D:/WEA/ACH/ACH \pubring.gpg': file open error
gpg: no valid OpenPGP data found.
gpg: processing message failed: eof
Why is your program including the paths to the public and secret keyrings? GPG should find them in the home directory, if you're using a different location for those files then you either need to specify the new home directory (with the --homedir flag) or prepend the two keyring files with the relevant flags (--keyring and --secret-keyring).
As it is, that command appears to be trying to encrypt your public and secret keyrings to the "JPMC_ECS_PROD_2015" recipient. If "JPMC_ECS_PROD_2015" is not a group name (specified in the gpg.conf file) or specified elsewhere in the code for your program, then that will generate errors relating to an invalid recipient (or recipient format).