Problem description:

I try to decrypt a file using the following command:

gpg --batch --no-tty --yes --always-trust --primary-keyring /root/.gnupg/secring.gpg -o file.csv --passphrase -d file.csv.asc

It works fine, but when I run it in cron I get the following error message:

gpg: expected public key but found secret key - must stop

What can I do to get it running in cron?

Answer:

Don't point to a keyring, but to a complete GnuPG home directory, using --homedir /root/.gnupg. --homedir sets the directory in which GnuPG searches for all its other files.

--primary-keyring file can only be used for public keyrings, which will not help you with decryption. From man gpg:

--primary-keyring file
      Designate file as the primary public keyring. This means that newly
      imported keys (via --import or keyserver --recv-from) will go to this
      keyring.

Alternatively, you can use --secret-keyring file:

--secret-keyring file
      Same as --keyring but for the secret keyrings.

I'm not sure whether you need this parameter anyway: if you're running this cron job as the root user, $HOME should already be set to /root and GnuPG will find its home folder without further configuration. If you're not running the cron job as root, put the keys in another location (i.e., the user's home directory); giving other users read and possibly write access to /root is a potential security issue.
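
A cron wrapper along the lines of the answer above, as an added example that is not part of the original answer: it passes an explicit --homedir and refuses to run if that directory is not private to the user running the job. The function names and the use of --passphrase-file (in place of the passphrase on the command line) are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original answer.
# Assumption: the passphrase is stored in a file that only the job's user can read.

# Succeeds only if $1 is a directory owned by the current user with no
# group/other permission bits set (the mode GnuPG expects for its home).
gnupg_home_ok() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    [ -O "$dir" ] || { echo "not owned by $(id -un): $dir" >&2; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld -- "$dir" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "group/other access on: $dir" >&2; return 1; }
}

# decrypt_for_cron HOMEDIR PASSFILE INPUT OUTPUT
decrypt_for_cron() {
    gnupg_home_ok "$1" || return 1
    # --homedir makes gpg find both public and secret keys without relying
    # on $HOME, which cron may set differently from a login shell.
    # GnuPG 2.1 and later additionally need: --pinentry-mode loopback
    gpg --batch --no-tty --yes --homedir "$1" \
        --passphrase-file "$2" -o "$4" -d "$3"
}

# Run only when called with arguments, e.g. from a crontab entry:
#   decrypt.sh /root/.gnupg /root/.gnupg/passfile file.csv.asc file.csv
[ "$#" -eq 0 ] || decrypt_for_cron "$@"
```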
