如何使用Gnupg的passphrase-fd参数? [英] How to use Gnupg's passphrase-fd argument?

问题描述

我想在没有任何用户干预的情况下使用GnuPG的decrypt命令.脚本的--passphrase-fd参数似乎正是我所需要的.但我不知道它是如何工作的-尚未找到示例.

I would like to use GnuPG´s decrypt command without any user interation. The script's --passphrase-fd argument seems exactly what I need. But I don't know how it works - haven't found examples.

在Windows和UNIX环境下，谁能给我这样的命令的示例?

Could anyone give me an example of such a command, on both Windows and UNIX environments?

(仅供参考，我使用的是GnuPG 2).

(FYI, I'm using GnuPG 2).

已经感谢:)

推荐答案

要在GnuPG v2中使用gpg选项--passphrase-fd，必须指定--batch参数.我将首先解释--passphrase-fd的工作原理，然后进入示例.

In order to use the gpg option --passphrase-fd in GnuPG v2, you must specify the --batch parameter. I will first explain how --passphrase-fd works, and then get to the examples.

--passphrase-fd告诉GnuPG哪个文件描述符(-fd)期望密码短语出现从.标准文件描述符为STDIN(0)，STDOUT(1)和STDERR(2).对于此问题，您通常只关心STDIN(0).

--passphrase-fd tells GnuPG which file descriptor (-fd) to expect the passphrase to come from. The standard file descriptors are STDIN (0), STDOUT (1) and STDERR (2). For the context of this question, you would normally only be concerned about STDIN (0).

您没有指定密码的来源，因此我将以多种方式演示STDIN(标准输入)的用法.

You didn't specify where you want the passphrase to come from, so I will demonstrate the usage of STDIN (standard in) in a variety of ways.

--passphrase-fd 0告诉GnuPG从输入到当前shell中检索密码.因此，例如，如果您希望GnuPG在控制台输入的下一行中获取密码短语数据，则命令和输出将如下所示:

--passphrase-fd 0 tells GnuPG to retrieve the passphrase from input into the current shell; so for example if you want GnuPG to get the passphrase data in the very next line of console input, the command and output would be like so:

gpg2 --batch --passphrase-fd 0 --armor --decrypt /path/to/encrypted_file.pgp
<next line of input is passphrase followed by hitting enter>
gpg: encrypted with 1024-bit RSA key, ID EC18C175, created 2013-10-26
      "testkey4321 (4321) <test@4321.com>"
this is a test... this is only a test...

在上面的示例中，密码通过文件描述符0(STDIN)提供-我们通过在shell当前的标准输入中输入密码来提供密码.

In the above example, the passphrase was provided via file descriptor 0 (STDIN) - which we provided by entering it on the shells current standard input.

在下一个示例中，我们将告诉GnuPG从当前shell的输入中检索密码，该密码实际上是另一个命令的输出(在这种情况下，echo只是回声"您告诉的内容):

In the next example, we will tell GnuPG to retrieve the passphrase from input into the current shell that is actually the output of another command (echo, in this case, which merely "echos" what you tell it to):

echo "mypassphrase" | gpg2 --batch --passphrase-fd 0 --armor --decrypt /path/to/encrypted_file.pgp
gpg: encrypted with 1024-bit RSA key, ID EC18C175, created 2013-10-26
      "testkey4321 (4321) <test@4321.com>"
this is a test... this is only a test...

另一个将包含密码短语的文件的内容转储到STDIN的示例-

Another example that dumps the contents of a file that contains the passphrase to STDIN -

cat /path/to/file_with_passphrase | gpg2 --batch --passphrase-fd 0 --armor --decrypt /path/to/encrypted_file.pgp
gpg: encrypted with 1024-bit RSA key, ID EC18C175, created 2013-10-26
      "testkey4321 (4321) <test@4321.com>"
this is a test... this is only a test...

总而言之，--passphrase-fd只是告诉GnuPG您想通过标准文件描述符为它提供必要的密码. GnuPG v2和GnuPG之间的区别只是--batch参数.

In summary, --passphrase-fd just tells GnuPG that you want to feed it the requisite passphrase via a standard file descriptor; the difference between GnuPG v2 and GnuPG is merely the --batch parameter.

上面的示例在Windows和* nix环境中应该工作相同，唯一的区别是在Windows中-根据您的配置和版本-您必须将cat替换为type才能转储将文件的内容发送到STDIN.

The above examples should work the same in Windows and *nix environments, with the only difference being that in Windows - depending on your configuration and version - you will have to replace cat with type in order to dump the contents of a file to STDIN.

这篇关于如何使用Gnupg的passphrase-fd参数?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！