Generate a new key
gpg --gen-key generate a new key
- Will prompt for answers to questions
- Can the answers be fed as part of the command? Otherwise create a perl sub to do this.
- Each key in the keychain will have it’s own password
gpg --passphrase password --decrypt-file testfile.txt.gpg -o testfile2.txt
- Use a password to decrypt the file
gpg --list-keys
-e, --encrypt [file]
-d, --decrypt [file]
--list-keys [names]
--list-public-keys [names]
-K, --list-secret-keys [names]
--delete-key name
--delete-secret-key name
--delete-secret-and-public-key name
--export [names]
--export-secret-keys [names]
--export-secret-subkeys [names]
--import [files]
-r, --recipient name
-a, --armor
-o, --output file
-q, --quiet
--batch
--homedir directory
--debug flags
--passphrase-fd n
If you use 0 for n, the passphrase will be read from stdin.
--passphrase string
GPG2 started requiring the agent to run
presumably you already have a .gnupg directory, but this won’t hurt even if you do
mkdir -p -m 700 ~/.gnupg
now let’s create the socket. The “p” below says make it a “pipe” (aka: fifo or socket)
mknod -m 700 ~/.gnupg/S.gpg-agent p
And give gpg-agent a whirl:
gpg-agent --daemon
To prevent gpg from asking for the passphrase we echo the passphrase into the command. However we still had to add in the option “–batch” to get the “–passphrase-fd 0” option to work with the pipe
echo "passphrase" | gpg --batch --passphrase-fd 0 --homedir /home/jobs/.gnupg --no-tty --output file.txt --skip-verify --decrypt encryptedfile.pgp