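Fixing gpg file encryption and decryption when run from crontab
Posted 8 years ago, last updated 8 years ago, by ueaner
For background on gpg, see PGP file encryption and decryption.
Encrypting and decrypting by hand in a terminal with the gpg command, answering each prompt as it appears, works without any trouble. Once the job has to be automated, though, we usually end up writing a script and putting it in crontab.
File encryption
Update the trust level of the public key so that no manual confirmation is needed.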
$ gpg --edit-key <Uid>
gpg (GnuPG) 1.4.11; Copyright (C) 2010 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
pub 1024D/6EDA5E6F created: 2013-08-29 expires: never usage: SCA
trust: full validity: unknown
sub 1024g/32E0CB1C created: 2013-08-29 expires: never usage: E
[ unknown] (1). <Uid>
gpg> trust
pub 1024D/6EDA5E6F created: 2013-08-29 expires: never usage: SCA
trust: full validity: unknown
sub 1024g/32E0CB1C created: 2013-08-29 expires: never usage: E
[ unknown] (1). <Uid>
Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)
1 = I don't know or won't say
2 = I do NOT trust
3 = I trust marginally
4 = I trust fully
5 = I trust ultimately
m = back to the main menu
Your decision? 5
Do you really want to set this key to ultimate trust? (y/N) y
pub 1024D/6EDA5E6F created: 2013-08-29 expires: never usage: SCA
trust: ultimate validity: unknown
sub 1024g/32E0CB1C created: 2013-08-29 expires: never usage: E
[ unknown] (1). <Uid>
Please note that the shown key validity is not necessarily correct
unless you restart the program.
gpg> quit
Choose 5, the highest trust level. Then put the following command in crontab:
gpg -o <encryptFile.gpg> -r <Uid> -e <originalFile>
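This works without any problems.
File decryption
However, when we put the following decryption command in crontab, we find that it fails to decrypt: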
gpg -o <outputFile> --passphrase <password> -d <decryptFile.gpg>
Use this instead:
echo "password" | gpg --batch --passphrase-fd 0 --output <outputFile> --decrypt <decryptFile.gpg>
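An added example, not part of the original post: a wrapper for the cron job that keeps the same --batch --passphrase-fd 0 invocation but feeds the passphrase on stdin from a file only the cron user can read, and adds --pinentry-mode loopback when the installed GnuPG is 2.1 or newer, which needs it before it accepts a passphrase this way. The script, its function names and the passphrase file are assumptions.

```shell
#!/bin/sh
# Added example: cron wrapper around the page's --passphrase-fd decryption.
# Hypothetical names: this script, its functions, and the passphrase file.

# Succeed only if $1 is a regular file with no group/other permissions.
passfile_is_private() {
    [ -f "$1" ] || return 1
    # Characters 5-10 of `ls -ld` output are the group and other bits.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Print the extra option GnuPG 2.1+ needs before it honours --passphrase-fd.
# $1 is the first line of `gpg --version`, e.g. "gpg (GnuPG) 1.4.11".
loopback_opt() {
    ver=${1##* }            # last word, e.g. "1.4.11"
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    if [ "$major" -gt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -ge 1 ]; }; then
        echo "--pinentry-mode loopback"
    fi
}

# decrypt_for_cron <passphraseFile> <decryptFile.gpg> <outputFile>
decrypt_for_cron() {
    passfile=$1 infile=$2 outfile=$3
    if ! passfile_is_private "$passfile"; then
        echo "refusing: $passfile needs no group/other access (e.g. mode 600)" >&2
        return 2
    fi
    opts=$(loopback_opt "$(gpg --version | head -n 1)")
    umask 077               # decrypted output readable by the cron user only
    # The passphrase arrives on stdin (fd 0) from the file, so it is absent
    # from the crontab line and from the process list.
    # --yes overwrites an existing output file instead of failing in batch mode.
    # $opts is deliberately unquoted: it is either empty or two words.
    gpg --batch --yes $opts --passphrase-fd 0 \
        --output "$outfile" --decrypt "$infile" < "$passfile"
}

# Run only when called with the three arguments.
if [ "$#" -eq 3 ]; then
    decrypt_for_cron "$@"
fi
```

The crontab entry then calls the wrapper with the three paths, and no passphrase appears in the crontab itself.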
Good Luck!
References
GnuPG: http://www.gnupg.org/gph/en/manual/x334.html
stackoverflow: http://stackoverflow.com/questions/10878305/what-are-the-best-practice-to-use-passphrase-in-a-batch
Please credit the source when reposting.
Article URL: http://blog.soliphp.com/post/linux/crontab-run-gpg-automatic-encryption-and-decryption