Decrypt an encrypted gpg file using an external secret key

I encrypted the file using gpg, and now I want to decrypt it.

Is there a way to decrypt a file without having to import a secret file?

We have a secret key in a file called key.sec; can we pass the secret file to gpg as a parameter (when we run the decrypt command from the bash command line) to use when decrypting the encrypted file? Or should we import the secret key and then decrypt the encrypted files?

+6
2 answers

You must add the secret key to the keychain. From the gpg(1) documentation:

    --no-default-keyring: Do not add the default keyrings to the list of keyrings. Note that GnuPG will not operate without any keyrings, so if you use this option and do not provide alternate keyrings via --keyring or --secret-keyring, then GnuPG will still use the default public or secret keyrings.

You can import the key with --import --no-default-keyring --secret-keyring temporary, use --secret-keyring temporary when decrypting the contents, and then delete the file ~/.gnupg/temporary.gpg when you are done. But this is just a workaround.

+9

You need to import the private key in order to use it, but the management of private keys with GnuPG version 2.x has changed. There is a gpg-agent daemon that handles access to private keys, and its use is mandatory since version 2.1.

Here is how you can quickly create a temporary keychain for decryption, using the secret key contained in the file:

    $ mkdir -m 700 ~/.gnupg-temp
    $ gpg --homedir ~/.gnupg-temp --import key.sec
    $ gpg --homedir ~/.gnupg-temp -d an_encrypted_file

If you want to clean later, stop the agent and delete the directory:

    $ gpg-connect-agent --homedir ~/.gnupg-temp KILLAGENT /bye
    $ rm -r ~/.gnupg-temp

There used to be a --secret-keyring option, about which the documentation for version 2.1 has this to say:

This is an obsolete option and is ignored. All private keys are stored in the private-keys-v1.d directory under the GnuPG home directory.

The private-keys-v1.d directory (under --homedir or ~/.gnupg) is owned and managed by the agent.

+2
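The procedure from the answer above, written as a reusable shell function that tears the throwaway home directory down on every exit path, plus a self-contained round trip that builds a demo key pair, exports it to a key.sec file, encrypts a constructed message and decrypts it through that function. This is an added example, not code from either answer; it assumes GnuPG 2.1 or later with gpg and gpg-connect-agent on PATH, and every file name and the demo user ID are placeholders chosen for the example.

```shell
#!/usr/bin/env bash
# Added example (not from the original answers). Assumes GnuPG 2.1+ on PATH.
# The secret key is only ever imported into a throwaway home created by
# mktemp -d (mode 0700), and the agent that loaded it is stopped before the
# directory is removed. All file names and the user ID are placeholders.

# Stop the gpg-agent serving HOMEDIR, then delete HOMEDIR (private-keys-v1.d included).
teardown_homedir() {
    local homedir=$1
    gpg-connect-agent --homedir "$homedir" KILLAGENT /bye >/dev/null 2>&1
    rm -rf "$homedir"
}

# decrypt_with_keyfile KEYFILE CIPHERTEXT OUTFILE
# Import KEYFILE into a fresh home, decrypt CIPHERTEXT into OUTFILE, and tear
# the home down whether or not that worked. Returns gpg's exit status so a
# caller can distinguish a bad key file (import fails) from a bad ciphertext.
decrypt_with_keyfile() {
    local keyfile=$1 ciphertext=$2 outfile=$3
    local tmphome status=0
    tmphome=$(mktemp -d) || return 1
    # --batch: never block on a prompt. A passphrase-protected key file would
    # additionally need --pinentry-mode loopback --passphrase-fd 0 here.
    gpg --homedir "$tmphome" --batch --quiet --import "$keyfile" || status=$?
    if [ "$status" -eq 0 ]; then
        gpg --homedir "$tmphome" --batch --quiet --yes \
            --output "$outfile" --decrypt "$ciphertext" || status=$?
    fi
    teardown_homedir "$tmphome"
    return "$status"
}

# demo_roundtrip: generate a throwaway key pair in its own home, export the
# secret key to key.sec, encrypt a constructed plaintext to it, then decrypt
# with decrypt_with_keyfile. Returns 0 only if the round trip reproduces the
# plaintext exactly. The key is left unprotected purely for the demo.
demo_roundtrip() {
    local work keyhome email=demo@example.invalid status=1
    work=$(mktemp -d) || return 1
    keyhome=$work/keygen-home
    mkdir -m 700 "$keyhome" || { rm -rf "$work"; return 1; }
    printf 'constructed sample plaintext\n' > "$work/plain.txt"
    if gpg --homedir "$keyhome" --batch --quiet --pinentry-mode loopback --passphrase '' \
            --quick-generate-key "Demo Key <$email>" default default never \
       && gpg --homedir "$keyhome" --batch --quiet --pinentry-mode loopback --passphrase '' \
            --armor --output "$work/key.sec" --export-secret-keys "$email" \
       && gpg --homedir "$keyhome" --batch --quiet --yes --trust-model always \
            --recipient "$email" --output "$work/msg.gpg" --encrypt "$work/plain.txt"
    then
        if decrypt_with_keyfile "$work/key.sec" "$work/msg.gpg" "$work/out.txt" \
           && cmp -s "$work/plain.txt" "$work/out.txt"; then
            status=0
        fi
    fi
    teardown_homedir "$keyhome"
    rm -rf "$work"
    return "$status"
}
```

This does not avoid importing the key; it confines the import to a home directory that disappears afterwards. The agent is stopped before the directory is removed because, from 2.1 on, it is the agent rather than gpg that holds the material in private-keys-v1.d, and while it runs it may also have cached the passphrase. For a passphrase-protected key.sec in unattended use, feed the passphrase on stdin with --pinentry-mode loopback --passphrase-fd 0 rather than putting it on the command line, where ps can show it to other users.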

Source: https://habr.com/ru/post/907277/
