Login/Register
Bruteforce GPG passphrase using script [duplicate]
Asked Answered
Solved linuxbashubuntugnupgbrute-force
P

3

13

I have forgotten my passphrase for my gpg key on linux. Can someone please help me write a simple script to use bruteforce to crack the key? I remember some of the words which MIGHT be in the passphrase, so hopefully, it will not take long for my computer to bruteforce it.

All is not lost if I can't recover the passphrase, it just means I will not be able to work on my project for the next 10 days until I get back to work to get another copy of the files, but this time with a new key for which I will remember to passphrase.

However, it will be nice to be able to work on my project in these 10 days.

Pintail answered 25/12, 2010 at 18:49 Comment(0)
F
7

1) The script won't be simple, at least how you envisage "simple."

2) It will take a long time - that's the point of using pass phrases over simple passwords. Taking the time to write such a script, incorporating your words which may or may not be in the phrase plus a stab at iterating will probably take over ten days.

3) You probably will forget the next passphrase too.

4) Ooops!

Sorry dude, time to start a new project (at least to while away the next ten days - I suggest a passphrase cracker as an ideal distraction.)

Merry Christmas!

-Oisin

Fresco answered 25/12, 2010 at 19:0 Comment(5)
>> Sorry dude, time to start a new project (at least to while away the next ten days.) I passphrase cracker? :DPintail
Yes, perfectly ironic project to start writing! (edited to include this wisecrack - pun intended)Fresco
lol, ok, i guess i just have to spend the next 10 days consuming excessive amounts of turkey and alcohol!Pintail
I'm sure you can find something on github now, like github.com/mathewmarcus/bruteforce-gpgMaurene
@МаксимШатов He said next ten days, not years ;)Fresco
T
8

Maybe something like:

#!/bin/bash
#

# try all word in words.txt
for word in $(cat words.txt); do 

  # try to decrypt with word
  echo "${word}" | gpg --passphrase-fd 0 --no-tty --decrypt somegpgfile.gpg --output somegpgfile;

  # if decrypt is successfull; stop
  if [ $? -eq 0 ]; then

    echo "GPG passphrase is: ${word}";
    exit 0;

  fi

done;

exit 1;
Thorstein answered 29/12, 2010 at 13:14 Comment(2)
Will this only work with whole words per line? What if I only remember part of the passphrase?Pintail
You can generate a list of passphrases containing the part you rememberThorstein
F
7

1) The script won't be simple, at least how you envisage "simple."

2) It will take a long time - that's the point of using pass phrases over simple passwords. Taking the time to write such a script, incorporating your words which may or may not be in the phrase plus a stab at iterating will probably take over ten days.

3) You probably will forget the next passphrase too.

4) Ooops!

Sorry dude, time to start a new project (at least to while away the next ten days - I suggest a passphrase cracker as an ideal distraction.)

Merry Christmas!

-Oisin

Fresco answered 25/12, 2010 at 19:0 Comment(5)
>> Sorry dude, time to start a new project (at least to while away the next ten days.) I passphrase cracker? :DPintail
Yes, perfectly ironic project to start writing! (edited to include this wisecrack - pun intended)Fresco
lol, ok, i guess i just have to spend the next 10 days consuming excessive amounts of turkey and alcohol!Pintail
I'm sure you can find something on github now, like github.com/mathewmarcus/bruteforce-gpgMaurene
@МаксимШатов He said next ten days, not years ;)Fresco
T
5

Tersmitten's answer may be out of date. 

echo "${word}" | gpg --passphrase-fd 0 -q --batch --allow-multiple-messages --no-tty  --output the_decrypted_file -d /some/input/file.gpg;

I used the above line with gpg 2.0.20 and libcrypt 1.5.2 to achieve the desired results.

Tlingit answered 10/6, 2013 at 19:38 Comment(1)
Replacing the 8th line of tersmitten's code with yours worked for me. I used gpg (GnuPG) 2.2.20 and libgcrypt 1.8.7 (which is the latest as of Jan 2021).Angiosperm

© 2022 - 2024 — McMap. All rights reserved.