30

Edited Version

I have a question about GPG, but I'll write out the whole process; maybe it will help someone.

I want to: suppress the passphrase prompt in the GPG command. I don't want to: use the -c option (--symmetric).

I have 2 systems: Linux and Windows. I want to send the data from Linux to Windows. I want to encrypt the data in Linux and decrypt it in Windows.

  • myFileOnLinux.txt is a file on Linux that I want to encrypt.
  • my@Email.com is the UID of the key pair.
  • myPasswordPhrase is the password phrase.

I installed GPG on both and did the steps:

  1. Generate a key pair in Windows:

    gpg --gen-key
    
  2. Change the key parameter in Windows:

    gpg --edit-key my@Email.com
    
    trust
    5
    expire
    0
    
  3. Export the public keys:

    gpg -a --export my@Email.com > public.key
    
  4. Send the public key to the Linux machine.

  5. Import the public key in Linux.

    gpg --import public.key
    
  6. Change the trust parameter in Linux

    gpg --edit-key my@Email.com
    
    trust
    5
    
  7. Encrypt a file in Linux

    gpg --output output.enc --encrypt --recipient my@Email.com myFileOnLinux.txt
    
  8. Send the encrypted file to Windows.

  9. Decrypt the file.

    gpg --batch --passphrase "myPasswordPhrase" -d -o test.dec output.enc
    

In Windows, a popup window asked me for the passphrase again. How can I avoid it?

John Kugelman
Malus Jan

3 Answers

75

After a lot of digging I found this command, which disables the entry prompt on Windows (also works for *nix systems):

    --pinentry-mode=loopback

The full command would be:

    gpg --pinentry-mode=loopback --passphrase "PASSWORD" -d -o "PATH\TO\OUTPUT" "PATH\TO\FILE.gpg"

Haseeb Zulfiqar
Marc Tifrea
  • OMG I have been wasting hours trying to figure this out. Every answer out there is either using an older version of gpg where the passphrase/batch options used to work in windows, or they are linux users where those options still work. THANK YOU. – Bitfiddler Nov 16 '18 at 23:08
  • GPG 1.4.7 was working fine with "--batch" switch to suppress interactive command. For GPG 2.2+ "--batch" switch did not work but "--pinentry-mode=loopback" worked to suppress passphrase window while running command. Thanks for the solution! – Mayank Jha Feb 21 '19 at 11:56
  • This worked. However the "--batch" and "--yes" switch I had to keep. If the destination file existed then the overwrite pop up would hold up the process. So adding those two switches automatically suppressed and answered yes to overwrite. – sunpack Oct 04 '19 at 15:40
  • @sunpack `--pinentry-mode=loopback` works fine for me with and without `--batch` and `--yes` on gpg v2.2.20, also in conjunction with `--passphrase-fd 0` and piping in the passphrase. `--batch` and `--yes` alone did not work for me either as @mayank-jha already mentioned above. – antiplex Jul 16 '20 at 16:20
  • Let's see what man says: `If this command (--quick-gen-key) is used with --batch, --pinentry-mode has been set to loopback, and one of the passphrase options (--passphrase, --passphrase-fd, or passphrase-file) is used, the supplied passphrase is used for the new key and the agent does not ask for it.` – Evan Hu Jul 13 '22 at 07:46
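
The comments above combine `--pinentry-mode=loopback` with `--batch` and `--passphrase-fd`. The following added example (not code from the answer or its comments) runs the whole encrypt/decrypt round trip in a throwaway keyring and hands the passphrase to gpg over a file descriptor instead of the command line. The UID, passphrase, file names and function names are constructed for the illustration, and it assumes GnuPG 2.1 or later in a POSIX shell.

```shell
#!/bin/sh
# Added example. UID, passphrase and file names are constructed throwaway
# values; everything lives in a temporary GNUPGHOME that is deleted at the end.

# Decrypt $1 into $2. The passphrase arrives on file descriptor 3, so it is
# not visible in the process list the way a --passphrase argument is.
decrypt_noninteractive() {
    gpg --batch --yes --quiet --pinentry-mode loopback \
        --passphrase-fd 3 --output "$2" --decrypt "$1"
}

# Full round trip. Optional $1 overrides the passphrase used for decryption,
# which lets you see the wrong-passphrase failure (non-zero return).
roundtrip_demo() {
    pass='constructed-demo-passphrase'
    uid='demo@example.invalid'
    dpass=${1:-$pass}
    work=$(mktemp -d) || return 1
    GNUPGHOME="$work/gnupg"; export GNUPGHOME
    mkdir -m 700 "$GNUPGHOME" || return 1
    # Needed only on GnuPG 2.1.0 to 2.1.11; later agents allow loopback by default.
    echo allow-loopback-pinentry > "$GNUPGHOME/gpg-agent.conf"

    # Passphrase-protected key pair, generated without any prompt.
    gpg --batch --quiet --pinentry-mode loopback --passphrase-fd 3 \
        --quick-gen-key "$uid" 3<<EOF
$pass
EOF
    printf 'data from the Linux side\n' > "$work/plain.txt"
    gpg --batch --quiet --recipient "$uid" \
        --output "$work/output.enc" --encrypt "$work/plain.txt"

    # Stop the agent so decryption cannot use a passphrase cached at key creation.
    gpgconf --kill gpg-agent
    decrypt_noninteractive "$work/output.enc" "$work/test.dec" 3<<EOF
$dpass
EOF
    cmp -s "$work/plain.txt" "$work/test.dec"; rc=$?

    gpgconf --kill gpg-agent
    rm -rf "$work"
    unset GNUPGHOME
    return "$rc"
}
```

Source the file and call `roundtrip_demo`; calling it with any other value as its argument returns non-zero, because with `--batch` and loopback mode a wrong passphrase fails outright instead of raising a prompt.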
5

    gpg --batch --import sec.key
    gpg -d --batch --passphrase mypassphrase encrypted_file.gpg

The --batch flag suppresses the passphrase prompt while importing keys as well as while decrypting the files.

Jenison Gracious
0

If you want to use symmetric keys (-c option) then you just need to add the --quiet and --batch flags.

Here is a full working example:

    gpg --symmetric --cipher-algo AES256 --passphrase mySuperCoolPassphrase --quiet --batch file_to_encrypt.tftpl

GitHub also has a working example of this, which they use to decrypt the file in an automation: https://docs.github.com/en/actions/security-guides/encrypted-secrets#limits-for-secrets

UPDATE

There is an issue with gpg decryption that made me think twice about using it in production (basically, it hangs indefinitely unless you manually tinker with it), so I've decided to go with https://github.com/FiloSottile/age instead, as it is simple to use, highly rated, and seems very reliable.

Jake Boomgaarden