Suppress the passphrase prompt in GPG command

3

36

Edited Version

I have a question about GPG, but I wrote out the whole process; maybe it will help someone.

I want to: suppress the passphrase prompt in the GPG command. I don't want to: use the -c option (--symmetric).

I have 2 systems, Linux and Windows. I want to send the data from Linux to Windows. I want to encrypt the data on Linux and decrypt it on Windows.

  • myFileOnLinux.txt is a file on Linux that I want to encrypt.
  • [email protected] is the UID of the key pair.
  • myPasswordPhrase is the passphrase.

I installed GPG on both and did the steps:

  1. Generate a key pair in Windows:

    gpg --gen-key
    
  2. Change the key parameter in Windows:

    gpg --edit-key [email protected]
    
    trust
    5
    expire
    0
    
  3. Export the public keys:

    gpg -a --export [email protected] > public.key
    
  4. Send the public key to the Linux machine.

  5. Import the public key in Linux:

    gpg --import public.key
    
  6. Change the trust parameter in Linux:

    gpg --edit-key [email protected]
    
    trust
    5
    
  7. Encrypt a file in Linux:

    gpg --output output.enc --encrypt --recipient [email protected] myFileOnLinux.txt
    
  8. Send the encrypted file to Windows.

  9. Decrypt the file:

    gpg --batch --passphrase "myPasswordPhrase" -d -o test.dec output.enc
    

On Windows, it asked me for the passphrase again in a popup window. How can I avoid it?

Affright answered 2/3, 2018 at 15:37 Comment(9)
Try the --passphrase-file option. - Ahmad
The same problem :( - Affright
Found this: unix.stackexchange.com/questions/60213/… - Ahmad
@Ahmad Thanks, but as I mentioned, I don't want to use -c as an option. - Affright
@MalusJan were you able to get this resolved? I am facing a similar issue on gnupg2.x for Windows. - Bonis
@ditty unfortunately not. I used the -c option 😔 - Affright
@MalusJan what is the -c option? - Bonis
@Bonis -c, --symmetric: Encrypt with symmetric cipher only. This command asks for a passphrase. Like have just one password (there is not private and public password). Look at the link for more options Link - Affright
@Bonis look at the answer that Marc wrote down. - Affright
92

After a lot of digging I found this command which disables the entry prompt on Windows (works also for *nix systems):

    --pinentry-mode=loopback

The full command would be:

    gpg --pinentry-mode=loopback --passphrase "PASSWORD" -d -o "PATH\TO\OUTPUT" "PATH\TO\FILE.gpg"

Tojo answered 14/5, 2018 at 15:31 Comment(5)
OMG I have been wasting hours trying to figure this out. Every answer out there is either using an older version of gpg where the passphrase/batch options used to work in Windows, or they are Linux users where those options still work. THANK YOU. - Tague
GPG 1.4.7 was working fine with the "--batch" switch to suppress interactive commands. For GPG 2.2+ the "--batch" switch did not work, but "--pinentry-mode=loopback" worked to suppress the passphrase window while running the command. Thanks for the solution! - Ferdinana
This worked. However, I had to keep the "--batch" and "--yes" switches. If the destination file existed, then the overwrite popup would hold up the process. So adding those two switches automatically suppressed it and answered yes to overwrite. - F
@F --pinentry-mode=loopback works fine for me with and without --batch and --yes on gpg v2.2.20, also in conjunction with --passphrase-fd 0 and piping in the passphrase. --batch and --yes alone did not work for me either, as @mayank-jha already mentioned above. - Defalcation
Let's see what man says: If this command (--quick-gen-key) is used with --batch, --pinentry-mode has been set to loopback, and one of the passphrase options (--passphrase, --passphrase-fd, or passphrase-file) is used, the supplied passphrase is used for the new key and the agent does not ask for it. - Eolanda
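
Added example (not part of the original answers): a Python wrapper for the unattended decrypt discussed above, combining `--pinentry-mode=loopback` with the `--passphrase-fd 0` variant from the comments so the passphrase is piped over stdin instead of appearing in the process command line. The function names and the `GPG_PASSPHRASE` environment variable are assumptions made for this example.

```python
import os
import shutil
import subprocess
import sys
from pathlib import Path


def build_decrypt_argv(encrypted: Path, output: Path, gpg: str = "gpg") -> list[str]:
    """Return the gpg argv for an unattended decrypt; no secret appears in it."""
    return [
        gpg,
        "--batch",                   # never fall back to interactive questions
        "--yes",                     # overwrite an existing output file without asking
        "--pinentry-mode=loopback",  # GnuPG 2.1+: no pinentry popup, gpg supplies the passphrase
        "--passphrase-fd", "0",      # read the passphrase (first line only) from stdin
        "--output", str(output),
        "--decrypt", str(encrypted),
    ]


def decrypt(encrypted: Path, output: Path, passphrase: str, gpg: str = "gpg") -> None:
    """Decrypt `encrypted` into `output`; raise RuntimeError with gpg's stderr on failure."""
    if shutil.which(gpg) is None:
        raise FileNotFoundError(f"{gpg} not found on PATH")
    proc = subprocess.run(
        build_decrypt_argv(encrypted, output, gpg),
        input=passphrase + "\n",     # one line on stdin, consumed via --passphrase-fd 0
        capture_output=True,
        text=True,
        timeout=60,                  # fail loudly instead of hanging if gpg still waits for input
    )
    if proc.returncode != 0:
        raise RuntimeError(f"gpg exited {proc.returncode}: {proc.stderr.strip()}")


if __name__ == "__main__":
    # Usage: GPG_PASSPHRASE=... python decrypt.py output.enc test.dec
    # GPG_PASSPHRASE is a variable name chosen for this example.
    decrypt(Path(sys.argv[1]), Path(sys.argv[2]), os.environ["GPG_PASSPHRASE"])
```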
5
    gpg --batch --import sec.key
    gpg -d --batch --passphrase mypassphrase encrypted_file.gpg

The --batch flag suppresses the passphrase prompt while importing keys as well as while decrypting the files.

Isadoraisadore answered 7/5, 2021 at 18:16 Comment(0)
0

If you want to use symmetric keys (-c option) then you just need to add the --quiet and --batch flags.

Here is a full working example:

    gpg --symmetric --cipher-algo AES256 --passphrase mySuperCoolPassphrase --quiet --batch file_to_encrypt.tftpl

GitHub also has a working example of this, which they use to decrypt the file in an automation: https://docs.github.com/en/actions/security-guides/encrypted-secrets#limits-for-secrets

UPDATE

There is an issue with gpg decryption that made me think twice about using it in production (basically, it hangs indefinitely unless you manually tinker with it), so I've decided to go with https://github.com/FiloSottile/age instead, as it is simple to use, highly rated, and seems very reliable.

Stonehenge answered 12/5, 2022 at 4:3 Comment(0)
