GPG2 encryption options

Peter Pentchev roam at ringlet.net
Thu Oct 3 13:33:32 CEST 2013 

On Wed, Oct 02, 2013 at 09:46:24PM -0700, mightymouse2045 wrote:
> Hi there,
> 
> I'm wondering if gpg2 can be used to encrypt a file using a keyfile. The
> term keyfile is used to refer to a static file where the contents are read
> into gpg2 to be used as the passphrase for the encryption process.
> 
> for example:
> 
> ccrypt -e --keyfile ~/.somefile ~/the_file_to_be_encrypted.doc
> 
> So the above ccrypt command encrypts the file_to_be_encrypted.doc with the
> first line take from .somefile
> 
> ccrypt -d --keyfile ~/.somefile ~/the_file_to_be_encrypted.doc.ctd
> 
> and the above command decrypts it....
> 
> Is this possible with gpg2? I like this because I can use random files taken
> from the 100,000's+ static non-changing files on my system as passwords for
> encrypting and decrypting files etc. I'd just prefer to be using gpg2 as I
> can then specify algo's hash's etc instead of being stuck with AES.
> 
> There are some files I don't like having to enter a passphrase for each time
> due to them be accessed very frequently, but I don't want the contents of
> them being stored plaintext either.

If the contents of the keyfile "looks like" a single line of text (e.g.
a passphrase), then you can use gpg --symmetric (or -c for short) and
pass the file in using the --passphrase-fd option.  The simplest way to
do it is to pass the file on the standard input and specify 0 as the
number of the file descriptor for the passphrase:

  gpg -c --passphrase-fd 0 somefile.doc < keyfile.txt

This command should create a somefile.doc.gpg file that you may later
decrypt by:

  gpg -d --passphrase-fd 0 somefile.doc.gpg < keyfile.txt

Of course, you do not have to use the standard input for this; some
shells will allow you to open a new file descriptor for reading from a
file:

  gpg -d --passphrase-fd 7 somefile.doc.gpg 7< keyfile.txt

Hope this helps!

G'luck,
Peter

-- 
Peter Pentchev	roam at ringlet.net roam at FreeBSD.org p.penchev at storpool.com
PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115  C354 651E EFB0 2527 DF13
If this sentence didn't exist, somebody would have invented it.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: </pipermail/attachments/20131003/52744dfa/attachment.sig>

More information about the Gnupg-users mailing list