- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- GNUPG Encryption/Decryption in Batch on OpenVMS
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-11-2008 11:17 AM
тАО03-11-2008 11:17 AM
Does anyone use GNUPG, and can anyone help me with passing the passphrase to the decrypt command from within the script? I currently have the passphrase stored in a file which is read by the procedure, it is then placed into a symbol.
however the decrypt command doesn't seem interested in the symbol at all.
I saw a comment by Steven (sorry I forgot your surname, but I see you in this forum all the time) relating to a similar problem on HPUX, and I wondered if perhaps he would like to chime in.
thanks,
Dave.
Solved! Go to Solution.
- Tags:
- encryption
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-11-2008 03:47 PM
тАО03-11-2008 03:47 PM
SolutionIt depends on how the program has been coded. Do you know if it reads from SYS$INPUT or SYS$COMMAND?
Have you tried PIPE?
$ PIPE WRITE SYS$OUTPUT "passphrase" | GNUPG...
or
$ PIPE TYPE PASSPHRASE.TXT | GNUPG...
Sometimes it may help to redirect SYS$COMMAND to convince a program it's not running interactively, and to read from SYS$INPUT instead of the terminal:
$ PIPE WRITE SYS$OUTPUT "passphrase" | -
(DEFINE/USER SYS$COMMAND NL: ; GNUPG...)
or, if the program reads from SYS$COMMAND unconditionally, maybe:
$ PIPE WRITE SYS$OUTPUT "passphrase" | -
(DEFINE/USER SYS$COMMAND SYS$PIPE ; GNUPG...)
If none of those work, please post your example code and a transcript of what happens.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-12-2008 04:15 AM
тАО03-12-2008 04:15 AM
Re: GNUPG Encryption/Decryption in Batch on OpenVMS
of whose GnuPG you're using, and exactly what
you've tried to do with it where, but this
method seems to work for me (still
interactive here, but what could go wrong?):
alp $ pp_symb = "(Oh, wouldn't you like to know?)"
alp $ pipe write sys$output pp_symb | gpg --passphrase-fd 0 FRED.TXT-GPG
Reading passphrase from file descriptor 0
You need a passphrase to unlock the secret key for
user: "Steven M. Schweda (Antinode)
2048-bit ELG-E key, ID 5D5FDBC7, created 2006-08-09 (main key ID FA00E2F4)
gpg: encrypted with 2048-bit ELG-E key, ID 5D5FDBC7, created 2006-08-09
"Steven M. Schweda (Antinode)
That's using mine, of course:
alp $ gpg --version
gpg (GnuPG) 1.4.8a
Copyright (C) 2007 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: /SYS$LOGIN/gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
alp $ write sys$output f$getsyi( "version")
V7.3-2
> It depends on how the program has been
> coded. [...]
I haven't looked too closely at from what it
reads interactively. I don't immediately see
any VMS-specific stuff, so I suspect that it
normally ends up using SYS$COMMAND (one way
or another). (util/ttyio.c with HAVE_CTERMID
defined should use ctermid(), and "HELP CRTL
ctermid" says SYS$COMMAND, but I haven't
verified anything.)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-12-2008 04:24 AM
тАО03-12-2008 04:24 AM
Re: GNUPG Encryption/Decryption in Batch on OpenVMS
> file [...]
http://gnupg.org/gph/en/manual.html#AEN513
Protecting your private key
Protecting your private key is the most
important job you have to use GnuPG
correctly. [...]
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-12-2008 10:34 AM
тАО03-12-2008 10:34 AM
Re: GNUPG Encryption/Decryption in Batch on OpenVMS
I was able to make it work using the
$ pipe ty
but curiously enough, it only worked in batch. When I ran it interactively it still seems to stick at the "Enter passphrase:" prompt, although I might be wrong about that. (I tend to think that this really is a "sys$command" issue).
The important thing is that this solution works for me in batch, which is where it will be running.
Thanks again.
Dave.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-12-2008 10:41 AM
тАО03-12-2008 10:41 AM
Re: GNUPG Encryption/Decryption in Batch on OpenVMS
> in batch. [...]
Well, duh. Perhaps SYS$COMMAND is different
in batch mode from what it is in interactive
mode. You think?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-12-2008 10:53 AM
тАО03-12-2008 10:53 AM
Re: GNUPG Encryption/Decryption in Batch on OpenVMS
pipe xxx | gpg --passphrase-fd 0 [...]
scheme seems to work in batch mode, too, as
expected.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-13-2008 10:00 AM
тАО06-13-2008 10:00 AM
Re: GNUPG Encryption/Decryption in Batch on OpenVMS
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-13-2008 10:21 AM
тАО06-13-2008 10:21 AM
Re: GNUPG Encryption/Decryption in Batch on OpenVMS
If the only secure passphrase storage is your
brain, and if your brain is not easily
accessed from a batch job, then I'd tend to
use keys without passphrases in batch jobs.
Other things may be possible, depending on
your actual requirements, but I suspect that
the security provided by a passphrase stored
on a computer may be about as good as that
provided by no passphrase.