I am extracting data to .psv files through a script. These .psv files have to be encrypted and SFTPed to antoher server location. But the extracted psv files are not getting encrypted. It is throwing the following error:
gpg: Invalid option "--trust-model"
I am using the following command
gpg -r 'abc#def.com' --encrypt --trust-model always $File_Name
Please help.
Thanks.
I've never seen the --trust-model always option myself, but I think you need to specify the file name last (or at least following the --encrypt option). So, try this:
gpg -r 'abc#def.com' --trust-model always --encrypt $File_Name
I have seen, but never personally used the --always-trust option, so here's another thing you can try:
gpg -r 'abc#def.com' --always-trust --encrypt $File_Name
I always add "trust" to every key I add to my ring so I'm not familiar with either of these options.
Related
Most other GPG commands allow you to use --batch mode, but it doesn't appear to be the case when trying to edit a passphrase.
You have to run gpg --edit-key user
Which opens up an interactive GPG prompt.
This isn't going to work in my case as I need the ability to change the passphrase without the command line interaction.
The closest thing I've found is
gpg --batch --passphrase-fd 0 --status-fd 2 --command-fd 0 --edit-key
But this just gives me an invalid command after I enter the existing passphrase.
Any suggestions greatly appreciated.
I just encountered this problem while writing a key-gen script and came up with a solution!
A few things to note:
Lots of folks point towards --batch because --passphrase* requires it. In this case we'll be working with STDIN (as specified by --command-fd 0) and thus want to pass raw input rather than messing with the GnuPG functions.
While --status-fd 2 is useful for debugging, it isn't necessary. That said, including it lead me to the insight that --change-passphrase is requesting two, and only two, entries.
Set --pinentry-mode loopback to avoid having a prompt asking for your passphrase.
The solution is to pipe (or redirect) both the original and new passphrases to STDIN where GnuPG can processes them. While my initial code used (echo ..;echo ..)|gpg .. it is better to use a here-document.
# Using GnuPG to change PGP key passphrase non-interactively
gpg --command-fd 0 --pinentry-mode loopback \
--change-passphrase ${KEYID} <<END
${OLD_PASS}
${NEW_PASS}
END
Just set up the variables and that should work. Enjoy!
Am trying to decrypt an encrypted file, I have all the keys in place (secret and public), I don't know why its not generating output file. Following are the commands am running. I know there are several post already there but I cant refer them until and unless any error flashes on my command prompt.
gpg --list-secret-keys
Its listing secret keys
gpg --list-keys
Its listing all keys
gpg --import "c:\folder_location\name_PublicKey.gpg"
successfully imported keys
gpg --batch --yes --passphrase my_passphrase --local-user "mycomp name
" -o "c:\folder_location\filenameTEST.txt" -d
"c:\folder_location\ENCRYPTEDFILE.txt.gpg"
Am not able to decrypt file on command line, There is no error reported on command prompt. Command remains Active all the time, needed force close.
Anything am missing here to check? any suggestions?
There was no issue with my command, actual problem was CR and LF control characters (new line). When I removed those characters, decryption worked without any errors! GPG never detected these characters and statement got parsed without any error, and later command froze without any error/output.
I want to encrypt an xml file and I am using gpg4win (kleopatra).
Using the kleopatra interface I set an option to produce files with extension pgp instead of gpg which is the default extension.
I am trying to create a pgp file from command line using the command
gpg -r test#test.gr -se C:\temp\myfile.xml
because I need to submit it in a web app that accepts pgp only.
I have tried to put some other options in the command but I always get a gpg file. How can I produce a pgp file from command line?
This may not be the same process as others, but this worked for me:
gpg --batch --yes --recipient "user" --output "fulldirectory\filename.txt.pgp" --encrypt "fulldirectory\filename.txt"
GnuPG syntax for encryption is stated here. You can simply use the --output [filename].[suffix] parameter.
So go with gpg --encrypt C:\temp\myfile.xml --recipient test#test.gr --output C:\temp\myfile.pgp.
Please note that .pgp is actually the suffix for a key not an encrypted file. See here.
I would like to encrypt a string without writing it to a file.
The way to encrypt a file using GPG is
gpg --encrypt --sign --armor -r <target#email.com> -r <sender#email.com> <filename.txt>
What I want would like is to be able to simply type in a string or a series of numbers where filename.txt is, and have it encrypt that into a file.
gpg --encrypt --sign --armor -r <target#email.com> -r <sender#email.com> <"this is a string that needs to be encrypted">
Is there a way to do this, or is passing in the filename.txt required?
I'm not aware of any option that allows you to pass input as a parameter, but you can simply use a pipe instead:
echo 'foo bar' | gpg -r target#example.com --encrypt
You can of course add all the additional options and commands you used. By using a pipe, the output is not stored as an intermediate file, but echos stdout and gpgs stdin get connected using a small in-memory buffer.
If you are using bash, you can use the HEREDOC syntax, which is useful for multiline strings. You can just copy and paste the multiline string without having to worry about escaping.
gpg -r target#email.com --encrypt -o out.gpg << 'HEREDOC'
first line
second line
HEREDOC
i am struggling with a gpg problem for a few days and cant figure out a solution by my own. i would be glad if you could help me out with the following issue:
i need to decrypt a gpg file in php. for that, i am using the following command:
cat passphrase.txt | /usr/local/bin/gpg --decrypt --passphrase-fd 0 stammdaten.txt.gpg>stammdaten.txt
the passphrase.txt contains the password for decryption
stammdaten.txt.gpg is the encrypted file
the decrypted data will be written in stammdaten.txt
when i run this command in php:
shell_exec=("cat passphrase.txt | /usr/local/bin/gpg --decrypt --passphrase-fd 0 stammdaten.txt.gpg>stammdaten.txt")
i get a zero-byte output file (stammdaten.txt) with owner=ftpadmin and group=psacln
but when i execute the same command via ssh terminal (as root), the data will be decrypted and written correctly with file owner=root and group=root.
i think, that this is a permission problem. how can i use that command in php correctly? i also tried to chown and chgrp with the ftprightson the decrypted file, but nothing seems to help.
every answer is highly appreciated. thanks!
finally i got it to work:
first of all, i changed the gpg command for decryption with echoing the passphrase into stdin:
$passphrase = utf8_decode('mypassphrase');
$encrypted = 'fullsystempathtogpgfile.gpg';
"echo '$passphrase' | /usr/local/bin/gpg -v -v --batch --passphrase-fd 0 --no-default-keyring $encrypted";
before executing with shell_exec i needed to change the homedir of gpg:
before it was set with:
putenv("GNUPGHOME=/var/www/.gnupg");
but obviously the php user (in my case "ftpadmin", found out with "whoami") has no permission to access that directory, so i copied the .gpg folder into my new created php user folder: /home/ftpadmin (with 777 perms) and changed the GNUPGHOME:
putenv("GNUPGHOME=/home/ftpadmin/.gnupg");
now i am able to decrypt the gpg files with php. maybe you could find some help for your similar issue. thanks again for every answer.
You can try to use
cat passphrase.txt | /usr/local/bin/gpg --output stammdaten.txt --decrypt --passphrase-fd 0 stammdaten.txt.gpg
instead.
Another thing you can try is to run this command in the shell as ftpadmin in the directory where your stammdaten.txt file is to make sure it is not a file permission problem.
su ftpadmin
cat passphrase.txt | /usr/local/bin/gpg --output stammdaten.txt --decrypt --passphrase-fd 0 stammdaten.txt.gpg