How to use gpg command-line to check passphrase is correct

后端 未结 4 1274
谎友^
谎友^ 2021-01-30 00:35

I am trying to automate backups with duplicity, but when I test the result, I get

gpg: public key decryption failed: bad passphrase

4条回答
  •  鱼传尺愫
    2021-01-30 01:02

    There is no in-built method for doing this, but it is simple enough to create a test that doesn't modify anything and allows you to just check your passphrase.

    You didn't specify, so I will assume you are using GnuPG version less than v2 and are on Linux with Bash for your commandline interpreter.

    I will give the command here and below I will explain what each part does - (note: the following is for GnuPG series version 1, see below for GnuPG series v2)

    echo "1234" | gpg --no-use-agent -o /dev/null --local-user -as - && echo "The correct passphrase was entered for this key"

    What that does is first, pipe some text to sign to GnuPG with echo "1234" | - because we don't really want to sign anything, this is just a test, so we will sign some useless text.

    Next, we tell gpg to not use the key agent with --no-use-agent; this is important later because, depending on your key agent, it may not return "0" on success, and that is all we want to do - verify success of your passphrase.

    Next, we tell gpg to put the signed data directly into the /dev/null file, meaning we discard it and not write the result to the terminal -- NOTE: if you are not using some variant of Linux/Unix, this file may not exist. On windows you may have to just allow it to write the signed data to the screen by just omitting the -o /dev/null part.

    Next, we specify the key we want to do our test with by using --local-user 012345. You can use the KeyID for maximum specificity, or use a username, whichever best suites your needs.

    Next we specify -as, which enables ascii output mode, and sets the context mode for signing. The - afterwards just tells GnuPG to get the data to be signed from standard-in, which is the very first part of the command we gave echo "1234" |.

    And last, we have && echo "A message that indicates success" -- the "&&" means, if the previous command was successful, print this message. This is just added for clarity, because the success of the command above would otherwise be indicated by no output at all.

    I hope that is clear enough for you to understand what is going on, and how you can use it do the testing you want to do. If any part is unclear or you do not understand, I will be glad to clarify. Good luck!

    [EDIT] - If you are using GnuPG v2, the above command will need to be modified slightly, like so:

    echo "1234" | gpg2 --batch --passphrase-fd 1 -o /dev/null --local-user -as - && echo "The correct passphrase was entered for this key"

    The reason being, GnuPG v2 expects the passphrase to be retrieved via an agent, so we cannot disable the use of the agent with --no-use-agent and have the desired effect; instead we need to tell GnuPG v2 that we want to run a "batch" process, and retrieve the passphrase from STDIN (standard in) by using the option --passphrase-fd 1.

提交回复
热议问题