Decoding a GPG line from the command line

I am trying to write a console application that will decrypt the gpg signature upon request. Everything will be fine, EXCEPT for the part where it asks for my GPG password. How can I call gpg --decrypt from the command line without a password dialog?

Here is my code:

    var startInfo = new ProcessStartInfo("gpg.exe");
    startInfo.Arguments = "--decrypt"; //this is where I want to insert "--passphrase MyFakePassword"
    startInfo.CreateNoWindow = true;
    startInfo.UseShellExecute = false;
    startInfo.RedirectStandardInput = true;
    startInfo.RedirectStandardOutput = true;
    startInfo.RedirectStandardError = true;
    startInfo.WorkingDirectory = @"C:\Program Files (x86)\GNU\GnuPG";
    var proc = Process.Start(startInfo);
    var sCommandLine = stringData + "\n"+(char)26+"\n"; //stringData is the encrypted string
    proc.StandardInput.WriteLine(sCommandLine);
    proc.StandardInput.Flush();
    proc.StandardInput.Close();
    var result = proc.StandardOutput.ReadToEnd();

I tried using --passphrase MyFakePassword, --passphrase-fd MyFakePassword and even --passphrase-fd 0 with my password in the first line of input. I would like not to put my password in a txt file on a machine that runs this code, if at all possible.

Thanks in advance for your help.

+6
4 answers

I did a little work. Some months ago, someone reported this as a bug on the Gpg4Win forums. The only solutions at the moment are to roll back from 2.1.0 to the previous version (in my case this is not an option), disable the password for the key, or transfer it from the text. Here's the forum post: http://wald.intevation.org/forum/forum.php?thread_id=1116&forum_id=21&group_id=11 There are no comments from the development team.

+2

Use the --batch and --passphrase-fd options together, e.g. gpg2 --batch --passphrase-fd 0 --armor --decrypt /path/to/encrypted_file.pgp

In your code after proc.StandardInput.WriteLine(sCommandLine); add the following:

    proc.StandardInput.WriteLine("your passphrase here");
    proc.StandardInput.Flush();

+3

To avoid the password dialog, try this method. I use it and it worked fine; you will find more details here:

http://www.systemdeveloper.info/2013/11/decrypt-files-encrypted-with-gnupg-from.html

    using System.Configuration;
    using System.Diagnostics;
    using System.IO;

    public static string DecryptFile(string encryptedFilePath)
    {
        FileInfo info = new FileInfo(encryptedFilePath);
        // Output file: same name with the last extension replaced by "Dec.TXT"
        string decryptedFileName = info.FullName.Substring(0, info.FullName.LastIndexOf('.')) + "Dec.TXT";
        string encryptedFileName = info.FullName;
        // Passphrase and working directory are read from the application's appSettings
        string password = ConfigurationManager.AppSettings["passphrase"].ToString();

        ProcessStartInfo psi = new ProcessStartInfo("cmd.exe");
        psi.CreateNoWindow = true;
        psi.UseShellExecute = false;
        psi.RedirectStandardInput = true;
        psi.RedirectStandardOutput = true;
        psi.RedirectStandardError = true;
        psi.WorkingDirectory = ConfigurationManager.AppSettings["WorkingDirectory"].ToString();

        Process process = Process.Start(psi);
        // The passphrase is piped to gpg's stdin (fd 0) by the shell. It is part of the
        // command text typed into cmd.exe, so shell metacharacters in it are interpreted.
        // File paths are quoted so that paths containing spaces work.
        string sCommandLine = @"echo " + password
            + "|gpg.exe --passphrase-fd 0 --batch --verbose --yes --output \"" + decryptedFileName
            + "\" --decrypt \"" + encryptedFileName + "\"";
        process.StandardInput.WriteLine(sCommandLine);
        process.StandardInput.Flush();
        process.StandardInput.Close();   // EOF on stdin makes cmd.exe exit after the command
        process.WaitForExit();
        //string result = process.StandardOutput.ReadToEnd();
        //string error = process.StandardError.ReadToEnd();
        process.Close();
        return decryptedFileName;
    }

+1

Note. Doing this is a security risk!

Anyway,

passphrase when signing or decrypting, if you do not use symmetric encryption. The following options are displayed on the manual page:


--passphrase string

Use string as the passphrase. This can only be used if only one passphrase is supplied. Obviously, this is of very dubious security on a multi-user system. Do not use this option if you can avoid it.

--passphrase-fd n

Read the passphrase from file descriptor n. Only the first line will be read from file descriptor n. If you use 0 for n, the passphrase will be read from stdin. This can only be used if only one passphrase is supplied.

--passphrase-file file

Read the passphrase from the file. Only the first line will be read from the file file. This can only be used if only one passphrase is provided. Obviously, the stored passphrase in a file is of dubious security if other users can read this file. Do not use this option if you can avoid it.

The official pgp command-line utility offers this feature with the -z flag:

    pgp -esa $SOURCEFILE $RECIPIENTPUBLICKEY -u $SENDERPRIVATEKEY -z $PassPhrase

0
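
Added example, not part of any answer above: a C# sketch that starts gpg directly (no cmd.exe), keeps the passphrase out of the command line by writing it as the first line of stdin for --passphrase-fd 0, and takes the ciphertext from a file. The class, method and parameter names are hypothetical; it assumes GnuPG 2.1 or later with loopback pinentry permitted by gpg-agent (on older 1.x/2.0 builds, drop --pinentry-mode loopback), and that the caller obtains the passphrase from somewhere other than source code.

```csharp
using System;
using System.Diagnostics;
using System.Threading.Tasks;

public static class GpgDecryptor   // hypothetical helper, not from the page
{
    // Decrypts encryptedFilePath and returns the plaintext gpg writes to stdout.
    public static string Decrypt(string gpgPath, string encryptedFilePath, string passphrase)
    {
        // gpg reads only the first line of fd 0 as the passphrase.
        if (passphrase.IndexOfAny(new[] { '\r', '\n' }) >= 0)
            throw new ArgumentException("Passphrase must be a single line.", nameof(passphrase));
        if (encryptedFilePath.IndexOf('"') >= 0)
            throw new ArgumentException("Path must not contain quotes.", nameof(encryptedFilePath));

        var psi = new ProcessStartInfo(gpgPath)
        {
            // The passphrase is not in Arguments, so it never appears in process listings.
            // stdin is reserved for the passphrase, so the ciphertext is passed as a file.
            Arguments = "--batch --pinentry-mode loopback --passphrase-fd 0 --decrypt \""
                        + encryptedFilePath + "\"",
            UseShellExecute = false,
            CreateNoWindow = true,
            RedirectStandardInput = true,
            RedirectStandardOutput = true,
            RedirectStandardError = true
        };

        using (var proc = Process.Start(psi))
        {
            // Drain both pipes asynchronously so a full pipe buffer cannot stall gpg.
            Task<string> stdout = proc.StandardOutput.ReadToEndAsync();
            Task<string> stderr = proc.StandardError.ReadToEndAsync();

            // Assumes an ASCII passphrase; other characters depend on the stdin encoding.
            proc.StandardInput.Write(passphrase + "\n");
            proc.StandardInput.Close();

            proc.WaitForExit();
            if (proc.ExitCode != 0)
                throw new InvalidOperationException(
                    "gpg exited with code " + proc.ExitCode + ": " + stderr.Result);
            return stdout.Result;
        }
    }
}
```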
