Updated on 2013-11-17 05:09:14 UEANER

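For background on gpg, see "PGP file encryption and decryption".

When we run gpg by hand in a terminal and answer its prompts, encryption and decryption work without any problem. When the job has to be automated, we usually end up writing a script and putting it in crontab.

File encryption

Update the trust level of the public key so that no manual confirmation is needed.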

$ gpg --edit-key <Uid>
gpg (GnuPG) 1.4.11; Copyright (C) 2010 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

pub  1024D/6EDA5E6F  created: 2013-08-29  expires: never       usage: SCA 
                     trust: full          validity: unknown
sub  1024g/32E0CB1C  created: 2013-08-29  expires: never       usage: E   
[ unknown] (1). <Uid>

gpg> trust
pub  1024D/6EDA5E6F  created: 2013-08-29  expires: never       usage: SCA 
                     trust: full          validity: unknown
sub  1024g/32E0CB1C  created: 2013-08-29  expires: never       usage: E   
[ unknown] (1). <Uid>

Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)

  1 = I don't know or won't say
  2 = I do NOT trust
  3 = I trust marginally
  4 = I trust fully
  5 = I trust ultimately
  m = back to the main menu

Your decision? 5
Do you really want to set this key to ultimate trust? (y/N) y

pub  1024D/6EDA5E6F  created: 2013-08-29  expires: never       usage: SCA 
                     trust: ultimate      validity: unknown
sub  1024g/32E0CB1C  created: 2013-08-29  expires: never       usage: E   
[ unknown] (1). <Uid>
Please note that the shown key validity is not necessarily correct
unless you restart the program.

gpg> quit

Choose 5, the highest trust level. Then put the following command in crontab:

gpg -o <encryptFile.gpg> -r <Uid> -e <originalFile>

It runs without any problem.

File decryption

However, when we put the following decryption command in crontab, it fails to decrypt:

gpg -o <outputFile> --passphrase <password> -d <decryptFile.gpg>

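Use this instead, which runs gpg in batch mode (--batch) and reads the passphrase from standard input (--passphrase-fd 0):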

echo "password" | gpg --batch --passphrase-fd 0 --output <outputFile> --decrypt <decryptFile.gpg>
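
An added example, not part of the original post: a cron wrapper around the decryption command above that feeds the passphrase to fd 0 from a file instead of `echo`, so the passphrase is not written into the crontab line, and that refuses to run if the file is accessible to group or others. The function names and the passphrase-file arrangement are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Assumption: the passphrase is
# stored in a file owned by the cron user instead of being echoed in the job.

# Succeed only if $1 is a regular file with no group/other permission bits.
passfile_is_private() {
    [ -f "$1" ] || return 1
    case "$(ls -ld -- "$1")" in
        -???------*) return 0 ;;   # e.g. -rw------- ; symlinks are rejected
        *)           return 1 ;;
    esac
}

# decrypt_job PASSFILE INPUT.gpg OUTPUT  (hypothetical helper name)
decrypt_job() {
    passfile=$1 src=$2 dst=$3
    if ! passfile_is_private "$passfile"; then
        echo "refusing: $passfile missing or accessible to group/others" >&2
        return 2
    fi
    [ -r "$src" ] || { echo "cannot read input: $src" >&2; return 3; }
    umask 077                      # plaintext is created owner-only
    tmp="$dst.tmp.$$"
    # Same options as the working command in the post; stdin (fd 0) is the
    # passphrase file. GnuPG 2.1+ additionally needs --pinentry-mode loopback.
    if gpg --batch --passphrase-fd 0 --output "$tmp" --decrypt "$src" \
           < "$passfile"; then
        mv -f -- "$tmp" "$dst"     # publish output only after success
    else
        rc=$?
        rm -f -- "$tmp"
        echo "gpg exited with status $rc" >&2
        return 4
    fi
}

# Runs only when called with three arguments, as a crontab entry would.
if [ "$#" -eq 3 ]; then
    decrypt_job "$@"
fi
```

The distinct return codes (2, 3, 4) let the cron mail or a monitoring check tell a permissions problem from a missing input or a gpg failure.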

Good Luck!

References

GnuPG: http://www.gnupg.org/gph/en/manual/x334.html
stackoverflow: http://stackoverflow.com/questions/10878305/what-are-the-best-practice-to-use-passphrase-in-a-batch
Please credit the source when reposting.
Article URL: http://blog.aboutc.net/linux/58/crontab-run-gpg-automatic-encryption-and-decryption

Comments: 1

xiaoY 2017-03-02 08:42:31
666, awesome, thanks for sharing