Mailing List Archive

sign and encrypt from batch script
I've got a batch script that signs and encrypts files using GnuPG 1.2.6 running on a RHEL4 system. We are upgrading the system to RHEL6 which comes with GnuPG 2.0.14 and the scripts no longer run correctly.

gpg -u "signing-key" -r "receiving_pub-key" -sea -o /output.pgp --batch --passphrase-fd 0 < /phrase.txt /plaintext.txt

When I run this command on the new system I get a message like this

You need a passphrase to unlock the secret key for
user: "signing-key"
2048-bit RSA key, ID EAA21D37, created 2012-03-26
can't connect to `/root/.gnupg/S.gpg-agent': No such file or directory

I've tried to invoke the gpg-agent
gpg-agent -daemon -batch gpg -u "signing-key" -r "receiving_pub-key" -sea -o /output.pgp --batch --passphrase-fd 0 < /phrase.txt /plaintext.txt

You need a passphrase to unlock the secret key for
user: "signing-key"
2048-bit RSA key, ID EAA21D37, created 2012-03-26

gpg: problem with the agent: Bad passphrase
gpg: skipped "signing-key": General error


We don't need S/MIME or Mail on this system, just GPG in batch mode.

Any help or insight is appreciated.

Thanks,
Dave


David M. Roberts
Iowa State University
Information Technology Services
dmrober@iastate.edu
515-294-0288
Re: sign and encrypt from batch script
On 3/28/12 2:09 PM, Roberts, David M [ITSYS] wrote:
> Any help or insight is appreciated.

Switch to GnuPG 1.4.12. This is not a downgrade; both GnuPG 1.4 and
GnuPG 2 are fully-supported, stable code. Your script will (likely!)
work just fine with GnuPG 1.4.12.


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: sign and encrypt from batch script
"Roberts, David M [ITSYS]" <dmrober@iastate.edu> writes:

> I've got a batch script that signs and encrypts files using GnuPG 1.2.6
> running on a RHEL4 system. We are upgrading the system to RHEL6 which
> comes with GnuPG 2.0.14 and the scripts no longer run correctly.
>
> gpg -u "signing-key" -r "receiving_pub-key" -sea -o /output.pgp
> --batch --passphrase-fd 0 < /phrase.txt /plaintext.txt
>
> When I run this command on the new system I get a message like this
>
> You need a passphrase to unlock the secret key for
> user: "signing-key"
> 2048-bit RSA key, ID EAA21D37, created 2012-03-26
> can't connect to `/root/.gnupg/S.gpg-agent': No such file or directory

GnuPG 2 uses the agent. It may not be entirely relevant, but I managed
to run ssh with the gpg-agent unattended on a server:

http://blog.josefsson.org/2011/10/11/unattended-ssh-with-smartcard/

I have not tested whether it works with private keys stored encrypted on
disk, but I see no fundamental reason why it wouldn't work. You can
ignore the SSH aspect of it, which should make it simpler.

/Simon

RE: sign and encrypt from batch script
Would it not help to try the option for the passphrase directly, like this:

--passphrase-file filename

RE: sign and encrypt from batch script
Thanks.

I've installed version 1.4.12, deleted and recreated the sym-link /usr/bin/gpg to point to the new executable instead of gpg2. I also had to set the trust level on all the public keys in our key-ring; version 1.2.6 apparently didn't care if the trust level wasn't set. Now the scripts are working on the new system.

And gpg2 is still installed for all the dependencies linked to it under RHEL6.

David M. Roberts
Iowa State University
Information Technology Services
dmrober@iastate.edu
515-294-0288

Re: sign and encrypt from batch script
On 3/29/2012 9:45 AM, Roberts, David M [ITSYS] wrote:
> Thanks.

Sure thing. Just remember that it was a Hawkeye who had to come to
y'all's rescue. ;)

(For the non-Iowans: I'm a graduate of the University of Iowa, whereas
Mr. Roberts is an employee of Iowa State University. Describing the two
institutions as having a good-natured rivalry is probably understating
things.)

> I also had to set the trust level on all the public keys in our
> key-ring; version 1.2.6 apparently didn't care if the trust level
> wasn't set.

You can add "trust-model always" to the end of your ~/.gnupg/gpg.conf
file and avoid this step.

> Now the scripts are working on the new system.

Wonderful!

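
The setup this thread arrives at (GnuPG 1.4 in batch mode, passphrase read from a file, no per-key trust settings), as an added example that is not code from any poster: the wrapper refuses a passphrase file that group or others can access and hands the passphrase to gpg on descriptor 3. The function names, the GPG variable and the choice of descriptor 3 are assumptions; `stat -c` assumes GNU coreutils, as on RHEL.

```shell
#!/bin/sh
# Added example (not from the thread): batch sign+encrypt wrapper for GnuPG 1.4.
# GPG, check_passphrase_file and sign_and_encrypt are hypothetical names.

GPG=${GPG:-gpg}

# Reject a passphrase file that is a symlink, missing, or open to group/other.
check_passphrase_file() {
    if [ -L "$1" ] || [ ! -f "$1" ]; then
        echo "passphrase file $1 is not a regular file" >&2
        return 1
    fi
    mode=$(stat -c '%a' "$1") || return 1   # GNU stat, octal mode such as 600
    case $mode in
        *00) return 0 ;;
        *)   echo "passphrase file $1 has mode $mode; expected 600 or 400" >&2
             return 1 ;;
    esac
}

# usage: sign_and_encrypt SIGNING_KEY RECIPIENT_KEY PASSFILE INPUT OUTPUT
sign_and_encrypt() {
    check_passphrase_file "$3" || return 1
    # The passphrase arrives on descriptor 3, so stdin stays free and the
    # secret never appears in the argument list. --trust-model always is given
    # per invocation instead of in gpg.conf; it skips key validity checks, so
    # identify the recipient by full fingerprint rather than by name.
    "$GPG" --batch --no-tty --yes --trust-model always \
        --passphrase-fd 3 \
        --local-user "$1" --recipient "$2" \
        --sign --encrypt --armor \
        --output "$5" "$4" 3<"$3" </dev/null
}

# Runs only when called with five arguments, e.g.:
#   ./sign-encrypt.sh signing-key receiving_pub-key /phrase.txt /plaintext.txt /output.pgp
if [ "$#" -eq 5 ]; then
    sign_and_encrypt "$@"
fi
```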