How to use GnuPG with --passphrase?

I want to write a script that will run gpg on a file called "file" with the passphrase "test".

Normally, when I use gpg, I usually just run gpg -c file and it asks me for the passphrase. But since I want this script to do everything on its own, I would like to provide the passphrase as part of the command.

Now when I try to use: gpg -c file --passphrase test, it outputs:

usage: gpg [options] --symmetric [filename]

Which seems like it wants me to use gpg --passphrase test --symmetric file. But if I do that, it pops up a dialog asking me for the passphrase to use, which is not what I want.

How do I set up the arguments correctly?

3 Answers

In GnuPG, options must precede commands, thus the --passphrase option must come before --symmetric.

Regarding the pin entry window, that pops up anyway (although you use --passphrase), you're probably already using GnuPG 2, which requires --batch to be used together with --passphrase. From the man pages:

--passphrase string Use string as the passphrase. This can only be used if only one passphrase is supplied. Obviously, this is of very questionable security on a multi-user system. Don't use this option if you can avoid it. Note that this passphrase is only used if the option --batch has also been given. This is different from GnuPG version 1.x.

Be aware that on multi-user systems all other users will be able to read your command line, and thus also the passphrase, while GnuPG is executed. Better use one of the other --passphrase-* options instead to read from a file or pipe.

6
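The advice in the answer above (options before the command, --batch, and a --passphrase-* option that keeps the passphrase out of the command line), as an added example that is not part of the original answers. It assumes GnuPG 2.1 or later installed as gpg, which also needs --pinentry-mode loopback; the function names and the fd number 3 are choices made for this example.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumes GnuPG 2.1+ as "gpg" on PATH.

# check_private FILE
# Succeeds only if FILE is a regular file with no group/other permission
# bits set (e.g. mode 600 or 400), judged from the "ls -ld" mode string.
check_private() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# encrypt_symmetric PASSFILE INFILE OUTFILE
# The first line of PASSFILE is the passphrase. It reaches gpg on file
# descriptor 3, so it never appears in the argument list that other
# users can read while gpg runs (unlike "--passphrase test").
encrypt_symmetric() {
    check_private "$1" || {
        echo "passphrase file missing or readable by group/others" >&2
        return 2
    }
    # All options come before the command (--symmetric), the file last.
    # --batch: never prompt; if OUTFILE already exists gpg fails
    # instead of asking whether to overwrite it.
    gpg --batch --pinentry-mode loopback --passphrase-fd 3 \
        --output "$3" --symmetric "$2" 3<"$1"
}

# decrypt_symmetric PASSFILE INFILE OUTFILE
# Same passphrase handling, for checking the round trip.
decrypt_symmetric() {
    check_private "$1" || {
        echo "passphrase file missing or readable by group/others" >&2
        return 2
    }
    gpg --batch --quiet --pinentry-mode loopback --passphrase-fd 3 \
        --output "$3" --decrypt "$2" 3<"$1"
}
```

Source the file and call, for example, encrypt_symmetric passfile file file.gpg, where passfile is a mode 600 file holding the passphrase on its first line.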

If gpg --version reports v2, you need to add the --batch option.

Based on the syntax output you're probably using v1, in which case you want:

gpg --passphrase PASS -c --no-use-agent FILE

Note that the order of options is not important; however, any file needs to be the last argument.

Using --pinentry-mode loopback works with --passphrase & --passphrase-[file/fd], and will let you enter new info, in case of filename conflicts for example:

File 'xyz.gpg' exists. Overwrite? (y/N)n
Enter new filename: xyz2.gpg

unlike --batch that will quickly fail, saying ...failed: File exists


If you had originally added the verbose option (-v) first, you should have seen something like:

$ gpg -v -c file --pinentry-mode loopback --passphrase-file=passfile
gpg: Note: '--pinentry-mode' is not considered an option
gpg: Note: '--passphrase-file=passfile' is not considered an option
usage: gpg [options] --symmetric [filename]

indicating pretty clearly that it didn't like something about putting -c (--symmetric) first.


I consider gpg2's behaviour of ignoring --passphrase options unless accompanied by --batch as a bug.
