HPE Community
Operating System - HP-UX
1836598 Members
1907 Online
110102 Solutions
New Discussion

trying to batch/cron pgp

 
SOLVED
Go to solution
Nick D'Angelo
Super Advisor

‎09-20-2007 06:02 AM

‎09-20-2007 06:02 AM

trying to batch/cron pgp

HPUX11i.

From the command prompt, I can get the following command to work:

pgp -e filename.txt keyuserid

However, it prompts me for Y or N to accept the keyuserid.

I have tried pgp -e +force +batchmode filename.txt keyuserid but it fails on: Encryption error

I should also state that the keyuserid is in my keyring as it works from the prompt, but not in batchmode.

Suggestion?
Always learning
0 Kudos
Reply
10 REPLIES 10
Steven Schweda
Honored Contributor

‎09-20-2007 07:57 AM

‎09-20-2007 07:57 AM

Re: trying to batch/cron pgp

It might help to know which version of PGP
you are using. It might also help to see a
transcript showing exactly what you did and
what happened when you got it to work
interactively, and an actual script which
fails, and a transcript showing that failure.

I'd guess that you might get a confirmation
request if the userid were ambiguous (but my
version on VMS seems to run with the first
match it finds, so no bets).
0 Kudos
Reply
Nick D'Angelo
Super Advisor

‎09-24-2007 12:10 AM

‎09-24-2007 12:10 AM

Re: trying to batch/cron pgp

HPUX 11i
pgp Version 6.5.8

This is what I execute from the prompt and notice it asks me to confirm Y before proceeding.

gp -e last.log Wachovia
Pretty Good Privacy(tm) Version 6.5.8
(c) 1999 Network Associates Inc.
Uses the RSAREF(tm) Toolkit, which is copyright RSA Data Security, Inc.
Export of this software may be restricted by the U.S. government.



Recipients' public key(s) will be used to encrypt.

Key for user ID: Bank
1024-bit DSS key, Key ID 0x64016085, created 2002/02/02
WARNING: Because this public key is not certified with a trusted
signature, it is not known with high confidence that this public key
actually belongs to: "Bank ".

Are you sure you want to use this public key (y/N)?

I have removed the banks name and changed it to bank.com for security reasons.
Always learning
0 Kudos
Reply
Steven Schweda
Honored Contributor

‎09-24-2007 04:02 AM

‎09-24-2007 04:02 AM

Solution

Re: trying to batch/cron pgp

> WARNING: Because this public key is not
> certified with a trusted signature, [...]

Sounds as if that's the thing you need to
change.

> [...] Version 6.5.8 [...]

Too new for me, but I'd guess/hope that
there's some mechanism for increasing its
confidence in a particular key. (Or else
of persuading it not to care.)
Reply
Nick D'Angelo
Super Advisor

‎09-24-2007 05:15 AM

‎09-24-2007 05:15 AM

Re: trying to batch/cron pgp

Steven,

I got around my problem by using expect to generate a response to the question.

Thanks.

Nickd
Always learning
0 Kudos
Reply
OldSchool
Honored Contributor

‎09-24-2007 05:38 AM

‎09-24-2007 05:38 AM

Re: trying to batch/cron pgp

based on information found here:

http://www.acm.org/crossroads/xrds6-5/pgptutorial.html

it appears that you need to "certify" the public key
(Keys, sign)

Note the number following the "-ks" is the Key Id from your message:

$ pgp -ks 0x64016085




0 Kudos
Reply
Steven Schweda
Honored Contributor

‎09-24-2007 07:34 AM

‎09-24-2007 07:34 AM

Re: trying to batch/cron pgp

> [...] pgp -ks [...]

Yeah. That's the thing.

> [...] using expect [...]

But if a man wants to carry the cat home by
its tail, I say, "Let him."
0 Kudos
Reply
Nick D'Angelo
Super Advisor

‎09-24-2007 07:36 AM

‎09-24-2007 07:36 AM

Re: trying to batch/cron pgp

I have another issue. I set up pgp as root, which is probably a good thing.

However, I need to add permissions to the the batch userid to be able to use the keys and pgp and it is not able to run.

Arrgh.

nickd
Always learning
0 Kudos
Reply
Steven Schweda
Honored Contributor

‎09-24-2007 07:46 AM

‎09-24-2007 07:46 AM

Re: trying to batch/cron pgp

> I have another issue.

Is that anything like a problem?

> [...] it is not able to run.

This is not a good description of the
symptom(s).

Not having tried it, I'd assume that one
could make a symbolic link to point one user
to another user's key-ring file. As for
permissions, as I recall, no one cares much
about the public key ring, which is what
you're using here. (It is a _public_ key
ring, after all.)
0 Kudos
Reply
Mario Heredia_1
Occasional Advisor

‎09-24-2007 07:28 PM

‎09-24-2007 07:28 PM

Re: trying to batch/cron pgp

I have the solution!
A variable must be defined within your pgp script. This variable is the PGPPASS variable. This precludes the need for a y/n interactive encryption. I belive PGPPASS is set you your keyrings passphrase...
0 Kudos
Reply
Steven Schweda
Honored Contributor

‎09-25-2007 01:32 AM

‎09-25-2007 01:32 AM

Re: trying to batch/cron pgp

> I have the solution!

To what? No one is asking for a pass-phrase
here (because he's encrypting, not
decrypting).

> A variable must be defined within your pgp
> script. This variable is the PGPPASS
> variable.

Oh, yeah. The best way to keep a secret is
to store it in a script. Great "solution",
but not for this problem.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.