GPG in a cron script - cron

I'm trying to encrypt symmetrically (with gpg) a file from a cron job. The line in my script doing this is:
/usr/bin/gpg --no-tty -vv --exit-on-status-write-error --batch --passphrase-file /home/backup/full/pass --cipher-algo AES256 --symmetric fullbackup.tar.bz2 > error.log 2>&1
It's working well when I execute the script from prompt, but not from crontab.
I tried with or without the options --no-tty, --batch, --quiet, --passphrase-fd 0 with a cat passfile, --passphrase-file /gpg/mypass and other tricks found on other topics (here). Nothing works. The script is run from crontab as root.
Adding a logfile with 2>&1 >error.log doesn't help as the file (70 bytes) is populated with random binary characters.
I'm on debian with gpg 1.4.12.
What else can I try?
Here is the script:
#!/bin/bash
#creating the tar
tar -cpjf /home/backup/full/fullbackup.tar.bz2 --directory=/to_backup
#enc it
/usr/bin/gpg --no-tty -vv --exit-on-status-write-error --batch --passphrase-file /home/backup/full/pass --cipher-algo AES256 --symmetric fullbackup.tar.bz2 > error.log 2>&1
#[...] ftp upload

As pointed out by Jens Erat, gpg needed the full path to the file to encrypt.

Related

How to use a password in a gpg command

I am new to linux and I am trying to do the following:
I have a folder that I want first to compress into a tar and then encrypt with gpg, all of this while running a command (no interactive GUI with the machine). All I find on the internet are GUIs that show up and ask you to type the password.
tar -cvf archive.tar <directory>
gpg -c archive.tar <target-directory>
I keep reading the options of the gpg command but I don't understand how to find the equivalent of 7za:
7za a -p <my-password>
This is what I want: to insert the password as part of the command.
Do you have any pointers?
Thank you
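The cron question at the top of the page and this one want the same thing: symmetric encryption of a directory with no prompt. The script below is an added example, not code from either post, showing how to do that without a TTY, with the passphrase kept off the command line, and with the absolute paths and explicit environment that cron needs. The passphrase-file permission check, the gpg version check, the script name in the comment and the paths in main() are assumptions made here (the paths are borrowed from the cron question), not something either post specifies.

```bash
#!/bin/bash
# Added example, not code from either question: symmetric encryption of a
# directory that behaves the same at a prompt and under cron.
# Assumptions (not from the page): gpg 1.4 or 2.x is on PATH; the paths in
# main() are placeholders taken from the cron question.

# Refuse a passphrase file that is missing, empty, or readable by anyone
# except its owner: the file is the key, so its mode must be 0600.
check_passfile() {
    local pf=$1
    [ -f "$pf" ] || { echo "passphrase file missing: $pf" >&2; return 1; }
    [ -s "$pf" ] || { echo "passphrase file is empty: $pf" >&2; return 1; }
    # find -perm -NNN matches when all of those bits are set; any group or
    # other read/write bit is a finding.
    if [ -n "$(find "$pf" \( -perm -040 -o -perm -020 -o -perm -004 -o -perm -002 \) -print)" ]; then
        echo "passphrase file $pf is group/world accessible; chmod 600 it" >&2
        return 1
    fi
}

# gpg 2.1 and newer only take a passphrase from a file or descriptor in batch
# mode when --pinentry-mode loopback is also given; gpg 1.4 and 2.0 reject
# that option as unknown. $1 is a version string such as "2.2.27".
needs_loopback() {
    set -- $(printf '%s\n' "$1" | tr '.' ' ')
    local maj=${1:-0} min=${2:-0}
    [ "$maj" -gt 2 ] || { [ "$maj" -eq 2 ] && [ "$min" -ge 1 ]; }
}

# Stream tar straight into gpg: no plaintext archive touches the disk, and the
# passphrase arrives on fd 3, so it never shows up in the process list.
# $1: directory to back up, $2: passphrase file, $3: output file.
encrypt_dir() {
    local src=$1 pf=$2 out=$3 ver extra=""
    check_passfile "$pf" || return 1
    ver=$(gpg --version | sed -n '1s/.* //p')
    if needs_loopback "$ver"; then extra="--pinentry-mode loopback"; fi
    set -o pipefail 2>/dev/null || true   # surface a tar failure, not only gpg's status
    tar -C "$src" -cjf - . | gpg --batch --no-tty --yes $extra --passphrase-fd 3 \
        --cipher-algo AES256 --symmetric --output "$out" 3< "$pf"
}

# cron hands the job a nearly empty environment and a working directory that
# is not the script's: set PATH and HOME yourself and use absolute paths only
# (the cron question failed on a relative file name for exactly that reason).
main() {
    export PATH=/usr/local/bin:/usr/bin:/bin
    export HOME=/home/backup             # assumed: home of the user that owns the job
    export GNUPGHOME="$HOME/.gnupg"
    local src=/to_backup                 # paths from the cron question
    local pf=/home/backup/full/pass
    local out=/home/backup/full/fullbackup.tar.bz2.gpg
    local log=/home/backup/full/error.log
    # ">log 2>&1" captures both streams; "2>&1 >log" leaves stderr where it
    # was and sends only stdout to the file.
    if encrypt_dir "$src" "$pf" "$out" >"$log" 2>&1; then
        echo "encrypted $src to $out"
    else
        echo "encryption failed, see $log" >&2
        return 1
    fi
}

# Runs only when given an argument, e.g. from crontab (assumed script name):
#   0 2 * * * /usr/local/bin/cron-encrypt.sh run
[ $# -eq 0 ] || main
```

To decrypt later, the matching call is gpg --batch --passphrase-fd 3 --decrypt with the same fd redirection (plus --pinentry-mode loopback on gpg 2.1+). The version check matters because a script written against gpg 1.4.12, as in the cron question, stops working after an upgrade to 2.1+ with "can't query passphrase in batch mode" unless the loopback flag is added.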

gpg not working pinentry-curses: no LC_CTYPE known - assuming UTF-8 while decrypt inside a while loop

My gpg is working fine:
gpg -c /home/abcd/test.text
It asks me for the password twice and works fine, but it gave the error when I was trying
while IFS="," read -r rec_column1 rec_column2
do
gpg -c /home/abcd/test.txt
done < <(tail -n +1 list.csv)
Any help?
The error is:
can't connect to `/root/.gnupg/S.gpg-agent': No such file or directory
pinentry-curses: no LC_CTYPE known - assuming UTF-8
pinentry-curses: no LC_CTYPE known - assuming UTF-8
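One common reason a passphrase prompt misbehaves inside while ... done < <(...) is that the loop body inherits the loop's redirected stdin, so gpg (or anything else that reads stdin) is no longer talking to the terminal. The script below is an added example, not part of the question, that makes the effect visible with a constructed four-record list and a stand-in for the gpg call. The S.gpg-agent line in the question's error (gpg could not reach the agent socket) is a separate matter that this example does not cover.

```bash
#!/bin/bash
# Added example, not code from the post above: why a command that reads its
# own stdin (gpg prompting for a passphrase, ssh, ffmpeg ...) misbehaves
# inside "while read ...; done < file", and how to keep stdin free.

# Constructed stand-in for list.csv (four records).
SAMPLE_CSV='alice,/home/abcd/a.txt
bob,/home/abcd/b.txt
carol,/home/abcd/c.txt
dave,/home/abcd/d.txt'

# Stand-in for the gpg call in the loop body: like an interactive passphrase
# prompt, it consumes one line from whatever stdin it inherits.
stdin_hungry_worker() {
    read -r junk || true
}

# Shape of the loop in the question: loop and worker share stdin, so the
# worker eats every second record and gpg is never talking to a terminal.
# Prints the number of records the loop actually processed.
process_via_stdin() {
    local n=0 c1 c2
    while IFS=, read -r c1 c2; do
        n=$((n + 1))
        stdin_hungry_worker
    done <<EOF
$SAMPLE_CSV
EOF
    echo "$n"
}

# Fix: feed the list through descriptor 3 and read from it explicitly. The
# worker's stdin is then the script's own stdin (the terminal in the question,
# which is what pinentry-curses needs; under cron there is no terminal, so use
# --batch with a passphrase file instead of a prompt).
process_via_fd3() {
    local n=0 c1 c2
    while IFS=, read -r c1 c2 <&3; do
        n=$((n + 1))
        stdin_hungry_worker
    done 3<<EOF
$SAMPLE_CSV
EOF
    echo "$n"
}

# Usage: ./loop-stdin.sh show   (first line prints 2, second prints 4)
[ $# -eq 0 ] || { process_via_stdin; process_via_fd3 </dev/null; }
```

The same pattern applies to the question as written: while IFS="," read -r a b <&3; do gpg -c "$b"; done 3< list.csv keeps the terminal on gpg's stdin, and for an unattended run the prompt is replaced by --batch --passphrase-file.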

gpg not asking for a passphrase in a bash script

I have attempted to write a bash script to decrypt a gpg file and output the result (so I can copy the password into an application). Afterwards it wipes the file.
Outside of a bash script the passphrase is successfully prompted for.
However, when I run the bash script it jumps straight to outputting the file contents without prompting for the passphrase.
The script is below.
I am just starting out with scripting. Please can someone tell me where I am going wrong?
Thanks
###################################
# securely decrypt password file and delete
###################################
#secure wipe gpgout directory
wipe -rfi ~/programs/utils/scripts/gpg/gpgout/*
#decrypt p1.gpg to file p1.txt
gpg -o ~/programs/utils/scripts/gpg/gpgout/p1.txt -d ~/programs/utils/scripts/gpg/p1.gpg
#clear cached password
echo RELOADAGENT | gpg-connect-agent
#print p1.txt password to the terminal (full path: the script never cd's into gpgout)
cat ~/programs/utils/scripts/gpg/gpgout/p1.txt
#secure wipe gpgout directory again to remove p1.txt
wipe -rfi ~/programs/utils/scripts/gpg/gpgout/*
#silence bash output
#https://www.baeldung.com/linux/silencing-bash-output
#(placeholder from the linked article: "command" with no arguments does nothing)
command > /dev/null 2> /dev/null
It seems you're using gpg-agent, which stores keys and passphrases.
To prevent gpg-agent from providing keys/passphrases to gpg, you should force the gpg-agent reload before the gpg call:
###################################
# securely decrypt password file and delete
###################################
#secure wipe gpgout directory
wipe -rfi ~/programs/utils/scripts/gpg/gpgout/*
#clear cached password before decrypting, so gpg has to prompt
echo RELOADAGENT | gpg-connect-agent
#decrypt p1.gpg to file p1.txt
gpg -o ~/programs/utils/scripts/gpg/gpgout/p1.txt -d ~/programs/utils/scripts/gpg/p1.gpg
#clear cached password
echo RELOADAGENT | gpg-connect-agent
#print p1.txt password to the terminal (full path: the script never cd's into gpgout)
cat ~/programs/utils/scripts/gpg/gpgout/p1.txt
#secure wipe gpgout directory again to remove p1.txt
wipe -rfi ~/programs/utils/scripts/gpg/gpgout/*
#silence bash output
#https://www.baeldung.com/linux/silencing-bash-output
#(placeholder from the linked article: "command" with no arguments does nothing)
command > /dev/null 2> /dev/null
I'd also suggest a better way (no subshell) to deal with gpg-connect-agent:
gpg-connect-agent reloadagent /bye
instead of
echo RELOADAGENT | gpg-connect-agent

I want to modify this bash script to not ask for password for each file

I want to modify this bash script to not ask for the password for each file but to look for the password in the following file: /home/user/Documents/pass.txt
I got this nice script on GitHub and it works, but it prompts me for a passphrase for each file I want to encrypt. I would like to modify the script to take the password from a text file in /home/user/Documents/pass.txt, read the password from pass.txt, and encrypt all files in the directory using said password.
Please help, I have been doing this manually for the past 2 weeks.
#!/bin/bash
# This uses gpg to encrypt every file in a directory as separate
# encrypted files
# Usage
# ./encrypt-all.sh ./dir-of-files-to-encrypt "PASSPHRASE"
FILES="$1"
PASSPHRASE="$2"
# quoted, and abort if the directory cannot be entered (otherwise the loop
# would encrypt whatever the current directory holds)
pushd "$FILES" || exit 1
for file_name in ./*; do
    enc_name="$file_name.gpg"
    echo "Encrypting $file_name"
    gpg \
        --passphrase "$PASSPHRASE" \
        --batch \
        --output "$enc_name" \
        --symmetric \
        --cipher-algo AES256 \
        "$file_name"
    # the original printed the undefined $gpg_name here
    echo "Done! Output: $enc_name"
done
popd
Use --passphrase-file instead of --passphrase, to indicate the name of the file whose first line is the passphrase to use.
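Following the answer above, here is an added example (not the GitHub script from the question and not the answerer's code) that takes the passphrase from a file and adds the checks a script that walks a directory with a glob needs: skip subdirectories, skip files already ending in .gpg, and never encrypt the passphrase file itself. It assumes gpg 2.1 or newer, which needs --pinentry-mode loopback before it will accept a passphrase from a file in batch mode; the script name in the usage comment is likewise an assumption.

```bash
#!/bin/bash
# Added example, not the GitHub script from the question or the answer's code:
# encrypt every regular file in a directory with a passphrase read from a
# file. Assumes gpg 2.1 or newer (the --pinentry-mode loopback flag does not
# exist in gpg 1.x) and a passphrase file of mode 0600.
# Why a file rather than "$2" on the command line: arguments are visible to
# every local user in the process table (ps, /proc/PID/cmdline); a passphrase
# file is exposed only to whoever can read it.

# Encrypt this path? Only regular files, never something already *.gpg (a
# second run would otherwise produce doc.txt.gpg.gpg), and never the
# passphrase file itself.
should_encrypt() {
    local f=$1 passfile=$2
    [ -f "$f" ] || return 1
    case "$f" in *.gpg) return 1 ;; esac
    [ "$f" -ef "$passfile" ] && return 1
    return 0
}

# Dry run: print the files encrypt_all would touch, one per line.
# $1: directory, $2: passphrase file.
list_targets() {
    local f
    for f in "$1"/*; do
        [ -e "$f" ] || continue            # empty dir: the glob stays literal
        should_encrypt "$f" "$2" && printf '%s\n' "$f"
    done
    return 0
}

# $1: directory, $2: passphrase file (its first line is the passphrase).
encrypt_all() {
    local dir=$1 passfile=$2 f out n=0
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    [ -r "$passfile" ] || { echo "cannot read passphrase file: $passfile" >&2; return 1; }
    for f in "$dir"/*; do
        [ -e "$f" ] || continue
        should_encrypt "$f" "$passfile" || continue
        out="$f.gpg"
        # --yes overwrites a stale .gpg; stop at the first failure rather than
        # reporting success for a file that was never written.
        gpg --batch --yes --no-tty --pinentry-mode loopback \
            --passphrase-file "$passfile" --cipher-algo AES256 \
            --symmetric --output "$out" "$f" \
            || { echo "gpg failed on $f" >&2; return 1; }
        n=$((n + 1))
        echo "encrypted $f -> $out"
    done
    echo "$n file(s) encrypted"
}

# Usage (assumed script name):
#   ./encrypt-all.sh /path/to/dir /home/user/Documents/pass.txt
[ $# -ne 2 ] || encrypt_all "$1" "$2"
```

Because "$dir"/* always yields paths that begin with the directory name, no file name can be mistaken for a gpg option, which is why no -- separator is needed before "$f".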

gpg decryption giving error in LINUX "can't query passphrase in batch mode"

Hi, I'm using gpg to decrypt a file in Linux. I'm using
shell_exec("gpg --batch --passphrase-file $passphrase_file -d $encrypted_file");
to decrypt the file, but I'm getting the following errors.
gpg: gpg-agent is not available in this session
gpg: can't query passphrase in batch mode
gpg: Invalid passphrase; please try again ...
gpg: can't query passphrase in batch mode
gpg: Invalid passphrase; please try again ...
gpg: can't query passphrase in batch mode
This error makes it appear that the command doesn't like to be run using shell_exec (similar to how sudo/ssh warn about needing a tty when run with shell_exec):
gpg: gpg-agent is not available in this session
What happens if you run it directly from the shell prompt?
Also, make sure you're not in safe mode:
shell_exec() (functional equivalent of backticks)
This function is disabled when PHP is running in safe mode.
Check with phpinfo()
check that the function is not disabled:
$ grep 'disable_functions' /etc/php.ini
Edit:
Also, try using putenv to point GNUPGHOME to your .gnupg folder.
It could be that the php script is being run as the httpd user and the gpg is expecting the 'user' user for your site.
I ran into a similar problem calling gpg from cron.
The command works fine when run from the command line or from a shell script. Running the command from cron fails with the same errors you're getting.
Two resources I found were a good gpg cheat sheet
and this answer on serverfault.
I was able to get it to work after generating a gpg key.
gpg --gen-key
And then encrypt with:
gpg -e -r name#domain.tld backup_file.tgz
In order to decrypt gpg-encrypted files using the relevant passphrase file and running it from an application context, use the following formula:
gpg --no-tty --no-use-agent --yes --passphrase-file <pass-phrase-file> \
    --output <decrypted-file-path> --decrypt <encrypted-file-path>
example:
$ cd /home/app/gpg_example
$ ls -la
-rwxr-xr-x 3 user root 1000 Jan 1 00:00 secret_passphrase.txt
-rwxr-xr-x 3 user root 7000 Jan 1 00:00 encrypted-file.tar.gpg
$ gpg --no-tty --no-use-agent --yes --passphrase-file secret_passphrase.txt \
    --output decrypted-file.tar --decrypt encrypted-file.tar.gpg
$ ls -la
-rwxr-xr-x 3 user root 1000 Jan 1 00:00 secret_passphrase.txt
-rwxr-xr-x 3 user root 7000 Jan 1 00:00 encrypted-file.tar.gpg
-rwxr-xr-x 3 user root 6970 Jan 1 00:00 decrypted-file.tar # <= that's decrypted file.