使用gpgme解密文件时如何绕过pinentry(密码短语屏幕) [英] how to bypass pinentry (passphrase screen) while decrypting a file using gpgme

问题描述

我正在尝试从服务器解密文件，该服务器具有该服务器的必需公钥.密钥环具有密码保护，因此当我尝试解密文件时，它会要求我输入密码.

当我们尝试解密文件时，是否可以通过传递密码来绕过该密码短语.

我正在使用gpg-agent，其中密码被缓存了600秒的默认时间，由于某种原因，我无法设置max-cache-ttl(它对我不起作用，我不知道y)并且可用仅用于该会话.

现在，我想缓存我正在使用gpg-preset-passphrase的密码短语.我在.gnupg/gpg-agent.conf中将其设置为gpg-preset-passphrase --preset hex.我不知道我在这里缺少什么.

有人可以让我知道我在其中缺少什么吗?

解决方案

我无法绕过密码短语或密码输入屏幕，但是我使用了gpg-agent这样的选项，如default-cache-ttl来设置缓存时间.这样，从第二次尝试开始，pinentry将检索缓存的密码，并将重置defaul-cache-ttl上的计时器.

还有一个名为max-cache-ttl的选项，即使在成功检索缓存的密码短语并重置default-cache-ttl之后，此选项也不会更改其计时器，并且在设置的超时时间后会使缓存的密码短语过期. >

例如:如果我将两者都设置为10小时(即36000秒)，如果我在5小时后调用解密，则默认情况下将重置其计时器，现在我们还有10个小时.但是最大值会在最初的10小时后过期，因此会在10小时后删除缓存的密码短语.

我发现的另一个问题是gpg-agent的会话问题.即，如果我打开一个新会话并尝试解密，则不会发生，并且会出现错误消息，指出该会话无法使用gpg-agent.我写了一些shell脚本并将其放在bashrc上，以便在启动新会话后立即启动

I am trying to decrypt a file from the server where I have the required public key of that server. The keyring has a password protection and so when I try to decrypt a file, it asks me for a passphrase.

Is there a way to bypass that passphrase by passing the password when we try to decrypt the file.

I am using gpg-agent where the passphrase is cached for 600sec default time and for some reason I am unable to set the max-cache-ttl (It didn't work for me, I don't know y) and is availble only for that session.

Now I want to cache the passphrase for which I am using gpg-preset-passphrase. I set it in .gnupg/gpg-agent.conf as gpg-preset-passphrase --preset hex. I don't know what I am missing in this.

Can someone please let me know what I am missing in this?

解决方案

I am unable to bypass the passphrase or pinentry screen, but I used gpg-agent options like default-cache-ttl to set the cache time. So that from the second attempt, the pinentry is going to retrieve the cached passphrase and will reset the timer on defaul-cache-ttl.

There is one more called max-cache-ttl option, even after the successfull retrieval of cached passphrase and reset of default-cache-ttl, this option doesn't change its timer and expires the cached passphrase after the set timeout.

For ex: If I set both of them for 10hrs (i.e., 36000sec), if I call the decrypt after 5hrs, default is going to reset its timer and now we have 10more hours. But the max is going to expire after the initial 10hours and thus removes the cached passphrase after 10hours.

One more problem I found is, session issue with gpg-agent. i.e., if I open a new session and try to decrypt, it doesn't happen and errors out that gpg-agent is not available for this session. I wrote some shell script and put it on bashrc so that it starts as soon as a new session is started

这篇关于使用gpgme解密文件时如何绕过pinentry(密码短语屏幕)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！