gpgsm Command Line Decryption and Passphrase

Hi,

In command line:

gpgsm -o Outputfile.txt -d InputFile.p7m

I manually have to write passphrase in a pinentry window.

Is it possible in command line to write the “Passphrase” value?

I have search this forum and found interesting information about doing this with

echo YOURpassPHRASE|gpgsm --batch --yes --passphrase-fd 0 -o Outputfile.txt -d InputFile.p7m

I get gpgsm: invalis option “—passphrase-fd”

Is it possible to do this?

We use X.509 certificates.

Thanks!

Hi!

As I copied your line wich states the invalid option argument, I noticed, that in front of the options, there are not two dashes “–”, but one long dash “—”. This may already help.

The “–passphrase-fd n” option reads the passphrase from the file that is located at “n”. So

echo YOURpassPHRASE|gpgsm --batch --yes --passphrase-fd 0 -o Outputfile.txt -d InputFile.p7m

Is just a work around to not save the passphrase into a file. But note, that you have to escape special chracters.

However, it could be that your version is that old, that --passphrase-fd is not implemented. I got a local installation of “gpgsm (GnuPG) 2.2.0” and i have the option installed.

It seems that you are working with or for a company, if you have further questions and issues, please consider consulting our paid and professional support (Gpg4win - Professional Support). If you are just curious, consider a donation (Gpg4win - Donate) to keep up the work at Gpg4win.

Hope my answer helped,
Jochen

Hi,

I have used two dashes “–” see attached file.

I use gpg4win version 2.3.4 downloaded from https://www.gpg4win.org/

I think it is strange that passphrase-fd is not implemented in this version.

Is there another way to do this?

I think it is very strange that this is so difficult. This is something that everyone is interested to do. I hope that you can tell the answer/advice here because it is not only me that is interested in this.

Thanks

Jo

Passphrase.JPG

Hi Jo,

note that there are a number of different use case how to enter a passphrase
automatically. (And yes, it should get its own wiki page to have an overview of the answers.)

a) unattended machine, rebootable:
→ use a secret key without passphrase
b) unattended machine, manual reboot:
→ use gpg-preset-passphrase with the agent

Variant of a) and b) to protect the secret key material better:
→ use a hardware crypto token (usb stick or smartcard)
(Currently I’m unsure if there are smartcard without pins for a)).

c) Passphrase is coming from a different code part (e.g. interactively)
→ fullfill the pinentry protocol, so your code is a special pinentry

Hope this helps, asking on gnupg-users@ is another options.
Best,
Bernhard

Ok, thanks Bernhard

… but I don’t understand why passphrase-fd is not implemented here when Jochen have it in an older version…

I actually use the newest version that is packaged in the Release Candidates (https://wiki.gnupg.org/Gpg4win/Testversions)

ok, so passphrase-fd is not working in gpg4win version 2.3.4? I will try the testversion.

I have testet with https://wiki.gnupg.org/Gpg4win/Testversions

and command:

echo YOURpassPHRASE|gpgsm --batch --yes --passphrase-fd 0 -o Outputfile.txt -d InputFile.p7m

Now I don’t get any error regarding “passphrase-fd” :slight_smile:

but I get the pinentry window and have to write the passPhrase. Must I do something more to avoid to write the passPhrase?

Thanks.

I now use Gpg4win 3.0 pre-release versions.

echo YOURpassPHRASE|gpgsm --batch --yes --passphrase-fd 0 -o Outputfile.txt -d InputFile.p7m

I must write Passphrase - ref attached file.

How can I setup this so that I don’t need to write Passphrase in pinentry?

I can’t find any infomation about how to setup this in this new version.

Can you please give some advice?

Thanks

PassphrasePassword.JPG

I don’t need Passphrase. Then it’s working. Thanks