Login/Register
gpg-agent in gpg2
Asked Answered
Solved gnupgencryption-symmetric
M

1

10

I'm attempting to futureproof some custom software that utilizes GPG (currently v 1.4.10) to perform symmetric encryption/decryption processes. My current encryption command looks like this:

gpg --batch --no-tty --no-use-agent --symmetric --cipher-algo AES256 --passphrase "foobar" /path/to/file_to_be_encrypted

Without the --no-use-agent option, I get the infamous error message

gpg-agent is not available in this session

I'm concerned about a move to gpg2 because, according to the documentation, the gpg-agent is always required, and --no-use-agent is simply a dummy option. My gpg calls occur in the background via a daemon process, so this is very much a no-agent scenario (plus the fact that it's symmetric, and I have no need of the agent at all).

Documentation at this level of detail is sparse, so I'm looking for user experience. Does gpg2 incorporate the agent more tightly, so that I don't have to worry about its availability?

Moue answered 10/8, 2011 at 19:52 Comment(1)
You should accept sinharaj's answer. He gave you everything you need to know.Viral
G
7

  1. The way you invoke gpg2, it might fail if the output file path/to/file_to_be_encrypted.gpg already exists. If you want the file to be overwritten, you should provide the --yes option:

    gpg2 --batch --yes --no-tty --no-use-agent --symmetric --cipher-algo AES256 --passphrase "foobar" /path/to/file_to_be_encrypted

  2. When you are using symmetric encryption (like you do), the passphrase constraints (even if set to enforced by gpg-agent) will not be applied at all—it will just work.

    Say the gpg-agent was run like this (and let the mypasswords file even contain the forbidden pattern that exactly matches your password):

    eval $(gpg-agent --daemon --enforce-passphrase-constraints --min-passphrase-len 8 --min-passphrase-nonalpha 4 --check-passphrase-pattern mypasswords)

    Then your command would still succeed.

    In short: gpg-agent will not make it fail (unless it crashes gpg for some reason—like wrong configuration or missing executable, which you cannot account for).

    EDIT: I've just checked and in symmetric mode gpg2 will work even if gpg-agent is wrongly configured or if the gpg-agent executable is missing.

    This is not related, but just in case: I also verified what happens when you try to change the password of your private key while gpg-agent is missing or is wrongly configured: gpg2 will report a warning, will not even ask for the new passphrase, and continue working.

Sources:

Golfer answered 19/8, 2011 at 13:54 Comment(2)
how about decrypt, is there any way work without gpg-agent?Nesta
I would bet that this depends on whether you're using symmetric encryption or not. If not, this probably won't work since the gpg-agent manages private keys.Nematode

© 2022 - 2024 — McMap. All rights reserved.