LinuxQuestions.org


Mesopotamia 03-30-2014 10:52 PM

Verifying Passphrase in GPG
 
Hi all,

I've written a script which creates an encrypted file from a plain text file using the following string:

Code:

gpg --passphrase supersecretpassword --cipher-algo AES256 --symmetric ~/password.txt

I've also written a script which decrypts the same file using the following:

Code:

gpg --batch --yes --passphrase supersecretpassword -o password.txt -d password.gpg &> /dev/null

The scripting language I used is bash!

My problem here is that I want the script to throw an error when the entered passphrase (i.e. the passphrase is entered manually) is wrong.

I have no idea how I could get gpg to do the following:

Code:

if [ passphrase is wrong ]
then
    quit the script!
else
    continue the script!
fi

It would be appreciated if someone who's experienced with GPG could shed some light on how to do it!

Thanks

evo2 03-30-2014 11:42 PM

Hi,

Did you check the exit code? I.e. the value of $? after running gpg? E.g.:
Code:

gpg --batch --yes ....
if [ "$?" != "0" ] ; then
  echo "Error running gpg!"
else
  echo "Ok."
fi

Evo2.

PS.
As an aside, from the gpg man page:
Code:

      --passphrase string
              Use  string as the passphrase. This can only be used if only one passphrase is
              supplied. Obviously, this is of very questionable  security  on  a  multi-user
              system. Don't use this option if you can avoid it.


Mesopotamia 03-31-2014 03:33 PM

Thank you very much Evo2! It worked! :D

evo2 03-31-2014 04:52 PM

Hi,
Quote:

Originally Posted by Mesopotamia (Post 5144295)
Thank you very much Evo2! It worked! :D

Glad it worked.

However please note that what you are doing is quite insecure: any process running on your system will be able to see your passphrase. It is usually better to use something like gpg-agent or whatever keyring manager your desktop environment uses.

Cheers,

Evo2.

Mesopotamia 03-31-2014 04:54 PM

Quote:

Originally Posted by evo2 (Post 5144348)
Hi,

Glad it worked.

However please note that what you are doing is quite insecure: any process running on your system will be able to see your passphrase. It is usually better to use something like gpg-agent or whatever keyring manager your desktop environment uses.

Cheers,

Evo2.

Yep, I understand the risk associated with that :)

Cheers
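
The exit-status check from evo2's answer, combined with the man page's advice to avoid `--passphrase`, as an added example that is not from any poster in the thread. It assumes GnuPG 2.1 or later (for `--pinentry-mode loopback`); the `GPG` variable and the function names are hypothetical.

```bash
#!/bin/sh
# Added example, not from the thread. Assumes GnuPG 2.1 or later.
GPG=${GPG:-gpg}   # hypothetical override so another gpg binary can be used

# decrypt_file ENCRYPTED OUTPUT
# Reads the passphrase from stdin and returns gpg's exit status
# (0 = decrypted, non-zero = wrong passphrase or other failure).
decrypt_file() {
    src=$1; dst=$2
    # Decrypt into a private temp file so a failed run leaves nothing behind.
    tmp=$(mktemp "$dst.XXXXXX") || return 1
    # --passphrase-fd 0 takes the passphrase from stdin, so it never shows up
    # in the process argument list the way --passphrase does.
    if "$GPG" --batch --yes --pinentry-mode loopback --passphrase-fd 0 \
            -o "$tmp" -d "$src" 2>/dev/null; then
        mv -f "$tmp" "$dst"
    else
        rc=$?
        rm -f "$tmp"
        return "$rc"
    fi
}

main() {
    printf 'Passphrase: ' >&2
    stty -echo                      # do not echo what is typed
    IFS= read -r pass
    stty echo
    printf '\n' >&2
    # printf is a shell builtin, so the passphrase is not exposed in argv here.
    if printf '%s\n' "$pass" | decrypt_file "$1" "$2"; then
        echo "Decrypted $1 to $2"
    else
        echo "gpg failed (wrong passphrase?), quitting." >&2
        exit 1
    fi
}

# Run only when called as: script ENCRYPTED OUTPUT
if [ "$#" -eq 2 ]; then main "$@"; fi
```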

