如何使用gpg命令行检查密码是否正确 [英] How to use gpg command-line to check passphrase is correct
问题描述
我正在尝试使用duplicity自动执行备份,但是当我测试结果时,我得到了
I am trying to automate backups with duplicity, but when I test the result, I get
gpg:公钥解密失败:密码短语错误
gpg: public key decryption failed: bad passphrase
我想检查我使用的密码短语是否实际上是与相应gpg密钥相关联的密码短语,但是无论如何我在gpg命令行选项中都看不到不要加密或解密任何内容"只需确认我使用的密码正确即可."
I want to check whether the passphrase I am using is actually the passphrase associated with the corresponding gpg secret-key, but I can't see anyway in the gpg command-line options to say "Don't encrypt or decrypt anything. Just confirm I am using the right passphrase."
这表明也许我(还是再次)误解了Gnu Privacy Guard. (喜欢嘲笑我直到哭泣.)
This suggests that maybe I am (yet again) misunderstanding Gnu Privacy Guard. (It has a predilection for taunting me until I cry.)
要求gpg验证密码是否有意义?如果可以,怎么办?
Does it make sense to ask gpg to verify a passphrase? If so, how?
推荐答案
没有内置方法可以执行此操作,但是创建一个无需修改任何内容并允许您仅检查自己的测试就足够简单了密码.
There is no in-built method for doing this, but it is simple enough to create a test that doesn't modify anything and allows you to just check your passphrase.
您没有指定,因此我假设您使用的是低于v2的GnuPG版本,并且在Linux上使用Bash作为您的命令行解释器.
You didn't specify, so I will assume you are using GnuPG version less than v2 and are on Linux with Bash for your commandline interpreter.
我将在此处和下面给出命令,并解释每个部分的作用-(注意:以下内容适用于GnuPG系列版本1,请参见下文适用于GnuPG系列v2)
I will give the command here and below I will explain what each part does - (note: the following is for GnuPG series version 1, see below for GnuPG series v2)
echo "1234" | gpg --no-use-agent -o /dev/null --local-user <KEYID> -as - && echo "The correct passphrase was entered for this key"
首先要做的是,用echo "1234" |用管道将一些文本签名到GnuPG上-因为我们真的不想签署任何东西,这只是一个测试,所以我们将签署一些无用的文本.
What that does is first, pipe some text to sign to GnuPG with echo "1234" | - because we don't really want to sign anything, this is just a test, so we will sign some useless text.
接下来,我们告诉gpg不要将密钥代理与--no-use-agent一起使用;稍后这很重要,因为取决于您的关键代理,成功后它可能不会返回"0",而这就是我们要做的-验证密码是否成功.
Next, we tell gpg to not use the key agent with --no-use-agent; this is important later because, depending on your key agent, it may not return "0" on success, and that is all we want to do - verify success of your passphrase.
接下来,我们告诉gpg将签名的数据直接放入/dev/null文件中,这意味着我们将其丢弃并且不将结果写入终端-注意:如果您未使用Linux/Unix的某些变体,这文件可能不存在.在Windows上,您可能只需要省略-o /dev/null部分就可以允许其将签名的数据写入屏幕.
Next, we tell gpg to put the signed data directly into the /dev/null file, meaning we discard it and not write the result to the terminal -- NOTE: if you are not using some variant of Linux/Unix, this file may not exist. On windows you may have to just allow it to write the signed data to the screen by just omitting the -o /dev/null part.
接下来,我们使用--local-user 012345指定要用于测试的密钥.您可以使用KeyID以获得最大的特异性,也可以使用用户名,以最适合您的需求.
Next, we specify the key we want to do our test with by using --local-user 012345. You can use the KeyID for maximum specificity, or use a username, whichever best suites your needs.
接下来,我们指定-as,它启用ascii输出模式,并设置用于签名的上下文模式.之后,-只是告诉GnuPG从标准输入中获取要签名的数据,这是我们给出的echo "1234" |命令的第一部分.
Next we specify -as, which enables ascii output mode, and sets the context mode for signing. The - afterwards just tells GnuPG to get the data to be signed from standard-in, which is the very first part of the command we gave echo "1234" |.
最后,我们有&& echo "A message that indicates success"-&&"意味着,如果上一个命令成功执行,则打印此消息.只是为了清楚起见添加了此命令,因为否则,上面的命令的成功将根本没有输出来指示.
And last, we have && echo "A message that indicates success" -- the "&&" means, if the previous command was successful, print this message. This is just added for clarity, because the success of the command above would otherwise be indicated by no output at all.
我希望这一点足够清楚,以使您了解正在发生的事情以及如何使用它进行所需的测试.如果任何部分不清楚或您不清楚,我将很高兴澄清.祝你好运!
I hope that is clear enough for you to understand what is going on, and how you can use it do the testing you want to do. If any part is unclear or you do not understand, I will be glad to clarify. Good luck!
-如果您使用的是GnuPG v2,则需要对上述命令进行一些修改,如下所示:
- If you are using GnuPG v2, the above command will need to be modified slightly, like so:
echo "1234" | gpg2 --batch --passphrase-fd 1 -o /dev/null --local-user <KEYID> -as - && echo "The correct passphrase was entered for this key"
原因是,GnuPG v2希望通过代理检索密码短语,因此我们不能在--no-use-agent上禁用代理的使用并取得预期的效果;相反,我们需要告诉GnuPG v2我们要运行批处理"过程,并使用选项--passphrase-fd 1从STDIN(标准输入)中检索密码.
The reason being, GnuPG v2 expects the passphrase to be retrieved via an agent, so we cannot disable the use of the agent with --no-use-agent and have the desired effect; instead we need to tell GnuPG v2 that we want to run a "batch" process, and retrieve the passphrase from STDIN (standard in) by using the option --passphrase-fd 1.
这篇关于如何使用gpg命令行检查密码是否正确的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
