How can I cache a passphrase for use in a script that uses gpg2 --symmetric with STDIN?



I am working on a computer program that stores and retrieves secrets and needs to run without user interaction on the server.



I have successfully set everything up in my system to use gpg-agent to retrieve the cached passphrase without user interaction to encrypt and decrypt data with gpg2 --symmetric when I specify a file name.



However, this requires me to temporarily store my data on the disk without encryption. I do not want to put unencrypted data on my disk. So now I have changed things to work with STDIN and STDOUT rather than disk files.



The command I am testing with is this: cat test.txt | gpg2 --symmetric -o test.gpg.



The problem is that now it does not seem possible to get the passphrase cached and so I must enter it interactively each time. This will not work for my server program.



I have tried using gpg-preset-passphrase for this. I do not know if it is possible though because it wants a "KEYGRIP". One rough idea I have is this: maybe there is some default keygrip that gpg2 uses with --symmetric and STDIN. But I don't know if that idea will pan out.



I am not planning to specify a passphrase in my code with --passphrase because that means I need to store a secret in the code, which I am not going to do, and it would allow anyone who could access the code to decrypt the files. It would also expose the passphrase on the command line.



I hope that it is clear enough what I am trying to achieve. Any ideas are appreciated.










linux bash security encryption gnupg

asked 7 hours ago

Jason Livesay





