
GPG --gen-key with password in a separate file


I want to encrypt a file using a passphrase, which I did using gpg --gen-key to create a key (I used the default options) in the command line, and I also got this to work in an "automated" way without user interaction.

But, I'd like to specify the passphrase stored in a separate file. This is what I'm running now:

gpg --batch --gen-key "D:\Staging\FileContainingKeySettings.txt"

And what's in the file called "FileContainingKeySettings.txt" is this:

%echo Generating a default key
Key-Type: default
Subkey-Type: default
Name-Real: PBJ
Name-Comment: test
Name-Email: [email protected]
Expire-Date: 0
Passphrase:blah
%commit
%echo done

So that works and generates the key.

Then I call this:

gpg --batch --yes -r PBJ --output D:\Staging\newEncryptedFile.txt --encrypt D:\Staging\textfiletobeencrypted.csv

And this works too.

So now I have 1 problem and 1 question. The problem is that I need to specify the passphrase to reference a file that looks like this (but much longer):

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: BCPG v1.47

[encoding]

-----END PGP PUBLIC KEY BLOCK-----

instead of using the password where I wrote "blah"^, and I haven't found a way to do this online or from any other team members around me. How can I do that?

Question: I also notice now that the file I was sent containing the encryption key reads at the top

" -----BEGIN PGP PUBLIC KEY BLOCK-----"

...which says it uses PGP (but I am using gpg). I know that gpg and pgp are different and read about them, but can I even do what I'm trying to do using gpg to encrypt a file with a key that was apparently generated with pgp?

(in Windows)


Solution

  • UPDATE: Now I may have gotten this working, although I still have to validate by having the other person decrypt the message (it works fine when I decrypt it). Silly I didn't think of this code change earlier when I've actually tried this before...I simply changed my cmd call from this part:

    gpg --batch --gen-key "D:\Staging\FileContainingKeySettings.txt"
    

    to this instead, specifying the passphrase file location here instead:

    gpg --batch --passphrase "D:\Staging\FileWithActualKey.txt" --gen-key "D:\Staging\FileContainingKeySettings.txt"
    

    and I took the password line out of the file "FileContainingKeySettings" altogether. I haven't tested this by having the other person decrypt it yet on their end...I hope it worked. At least I didn't get an error. But now when I run this line again to actually do encryption, it works:

    gpg --batch --yes -r PBJ --output D:\Staging\newEncryptedFile.txt --encrypt D:\Staging\textfiletobeencrypted.csv
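
For the case the question describes, a file that begins with -----BEGIN PGP PUBLIC KEY BLOCK----- is an OpenPGP public key, which gpg imports as a recipient key and encrypts to without any passphrase, whichever PGP-compatible tool exported it. The batch script below is an added example, not part of the original post; it assumes the armored key is the post's D:\Staging\FileWithActualKey.txt and uses a placeholder fingerprint that must be replaced with the one the key owner confirms.

```batch
@echo off
rem Added example, not from the original post.
rem Paths reuse the names from the post; RECIPIENT_FPR is a placeholder.
setlocal
set "PARTNER_KEY=D:\Staging\FileWithActualKey.txt"
set "PLAINTEXT=D:\Staging\textfiletobeencrypted.csv"
set "CIPHERTEXT=D:\Staging\newEncryptedFile.txt"
rem Replace with the fingerprint the key owner gives you over a separate channel.
set "RECIPIENT_FPR=REPLACE_WITH_KEY_FINGERPRINT"

rem 1. Import the partner's armored public key into the local keyring.
gpg --batch --import "%PARTNER_KEY%"
if errorlevel 1 (
    echo Import of %PARTNER_KEY% failed 1>&2
    exit /b 1
)

rem 2. Make sure a key with exactly the expected fingerprint is now present.
rem    gpg exits non-zero when the lookup finds nothing, so a swapped or
rem    wrong key file stops the script here instead of being encrypted to.
gpg --batch --list-keys "%RECIPIENT_FPR%" >nul 2>&1
if errorlevel 1 (
    echo No imported key matches fingerprint %RECIPIENT_FPR% 1>&2
    exit /b 1
)

rem 3. Encrypt to that key. Selecting the recipient by full fingerprint avoids
rem    matching another key with a similar name. "--trust-model always" skips
rem    the web-of-trust check, which is acceptable only because step 2 pinned
rem    the fingerprint that was verified out of band.
gpg --batch --yes --trust-model always --recipient "%RECIPIENT_FPR%" ^
    --output "%CIPHERTEXT%" --encrypt "%PLAINTEXT%"
if errorlevel 1 (
    echo Encryption failed 1>&2
    exit /b 1
)

echo Encrypted %PLAINTEXT% to %CIPHERTEXT%
endlocal
```

Only the holder of the matching private key can decrypt the output, so a successful local decryption is not expected with this flow.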