RE: GPG Decrypt Error based on a timeout function?
Angel,

I came to that realization as I worked through with your guidance, the configuration I wanted. Technology, while here to help, can be a drawback at times. Or perhaps better said, has its own limitations.

Many thanks and stay safe.

Dave

-Original Message-
From: Gnupg-users On Behalf Of Ángel
Sent: Friday, December 18, 2020 3:50 PM
To: gnupg-users@gnupg.org
Subject: Re: GPG Decrypt Error based on a timeout function?

On 2020-12-18 at 10:25 -0800, Dave via Gnupg-users wrote:
> Angel,
> Yes, I want the script to run unattended, which the gpg process is
> not the right method, as you say: " you could configure the gpg
> password in the script, but then that would be roughly equivalent to
> the email account password."
>
> Many thanks and stay safe and healthy, Dave

You cannot make a machine which needs a secret run fully unattended without having such secret *somewhere*.

You can move pieces around, separate roles amongst different parts, protect a secret in a way that a _different_ secret is needed instead, etc. But in the end, as the machine needs that secret, you need to store it there.

Or, alternatively, have a human input it and have it stored in memory, with the caveat that the machine won't be able to boot to a fully functional state until that is provided.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GPG Decrypt Error based on a timeout function?
On 2020-12-18 at 10:25 -0800, Dave via Gnupg-users wrote:
> Angel,
> Yes, I want the script to run unattended, which the gpg process is
> not the right method, as you say: " you could configure the gpg
> password in the script, but then that would be roughly equivalent to
> the email account password."
>
> Many thanks and stay safe and healthy,
> Dave

You cannot make a machine which needs a secret run fully unattended without having such secret *somewhere*.

You can move pieces around, separate roles amongst different parts, protect a secret in a way that a _different_ secret is needed instead, etc. But in the end, as the machine needs that secret, you need to store it there.

Or, alternatively, have a human input it and have it stored in memory, with the caveat that the machine won't be able to boot to a fully functional state until that is provided.
RE: GPG Decrypt Error based on a timeout function?
Angel,

Yes, I want the script to run unattended, which the gpg process is not the right method, as you say: " you could configure the gpg password in the script, but then that would be roughly equivalent to the email account password."

Many thanks and stay safe and healthy,

Dave

-Original Message-
From: Gnupg-users On Behalf Of Ángel
Sent: Thursday, December 17, 2020 4:53 PM
To: gnupg-users@gnupg.org
Subject: Re: GPG Decrypt Error based on a timeout function?

On 2020-12-17 at 11:28 -0800, Dave via Gnupg-users wrote:
> Good Day,
> This very novice would appreciate some help.
>
> My situation:
>
> I have a Raspberry Pi 4 computer running the Raspberry Operating
> System (Raspbian GNU/Linux [buster], Version ID=10) at my home. I
> need it to send me an email notification when certain functions are
> performed.
>
> To this end, I have configured the mail system called msmtp on the
> Raspberry Pi 4 computer. I can send email to myself via my email
> account manually and interactively using msmtp on the Raspberry Pi 4
> computer, with the password not encrypted on the Raspberry Pi 4
> computer.
> (...)
> When I run the following command:
>
> gpg --encrypt -o .msmtp-2d.ionos.gpg -r 2...@daviddonnelly.com -
>
> I am asked for my passphrase, once entered the file is decrypted and
> the contents displayed. I then rerun the command:

Probably a mistake in pasting the same as before. This command wouldn't need the password for the private key.

> msmtp -t < message.txt
>
> and the associated e-mail is sent.
>
> I wait a few minutes and the error repeats itself.
>
> Is there some sort of timeout associated with gpg? Or my
> implementation is wrong…or ?
>
> Also, I have noticed, at times, gpg will not accept the passphrase
> until I reboot the Raspberry pi 4.

See gpg-agent settings. The few minutes it works, that's because gpg-agent has the decrypted gpg key cached.
You would need to increase that timeout, or let the script provide the password directly to gpg / use a passwordless key.

When the sending fails, it should perhaps be asking you to provide the gpg passphrase, my guess is that the way it runs ( --no-tty --batch maybe), it isn't able to launch a pinentry to ask the password to the user.

If you really want the password decryption to be unattended, you could configure the gpg password in the script, but then that would be roughly equivalent to the email account password. It's turtles all the way down.

Regards
Re: GPG Decrypt Error based on a timeout function?
On 2020-12-17 at 11:28 -0800, Dave via Gnupg-users wrote:
> Good Day,
> This very novice would appreciate some help.
>
> My situation:
>
> I have a Raspberry Pi 4 computer running the Raspberry Operating
> System (Raspbian GNU/Linux [buster], Version ID=10) at my home. I
> need it to send me an email notification when certain functions are
> performed.
>
> To this end, I have configured the mail system called msmtp on the
> Raspberry Pi 4 computer. I can send email to myself via my email
> account manually and interactively using msmtp on the Raspberry Pi 4
> computer, with the password not encrypted on the Raspberry Pi 4
> computer.
> (...)
> When I run the following command:
>
> gpg --encrypt -o .msmtp-2d.ionos.gpg -r 2...@daviddonnelly.com -
>
> I am asked for my passphrase, once entered the file is decrypted and
> the contents displayed. I then rerun the command:

Probably a mistake in pasting the same as before. This command wouldn't need the password for the private key.

> msmtp -t < message.txt
>
> and the associated e-mail is sent.
>
> I wait a few minutes and the error repeats itself.
>
> Is there some sort of timeout associated with gpg? Or my
> implementation is wrong…or ?
>
> Also, I have noticed, at times, gpg will not accept the passphrase
> until I reboot the Raspberry pi 4.

See gpg-agent settings. The few minutes it works, that's because gpg-agent has the decrypted gpg key cached.
You would need to increase that timeout, or let the script provide the password directly to gpg / use a passwordless key.

When the sending fails, it should perhaps be asking you to provide the gpg passphrase, my guess is that the way it runs ( --no-tty --batch maybe), it isn't able to launch a pinentry to ask the password to the user.

If you really want the password decryption to be unattended, you could configure the gpg password in the script, but then that would be roughly equivalent to the email account password. It's turtles all the way down.

Regards
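
The "increase that timeout" option from the reply above, as an added example that is not part of the original thread: shell helpers that read and set gpg-agent's two cache lifetimes in `gpg-agent.conf`. `default-cache-ttl` and `max-cache-ttl` are real gpg-agent options; the function names and any values passed in are assumptions, and a longer lifetime keeps the unlocked key usable by anything running as that user for that long.

```shell
#!/bin/sh
# Added example, not from the thread. default-cache-ttl / max-cache-ttl are
# gpg-agent.conf options in seconds; function names and values are assumptions.

# Effective TTL: the last value set in CONF_FILE, else gpg-agent's built-in
# default (600 s since last use, 7200 s since the passphrase was entered).
agent_ttl() {  # usage: agent_ttl CONF_FILE OPTION
    case $2 in
        default-cache-ttl) fallback=600 ;;
        max-cache-ttl)     fallback=7200 ;;
        *) echo "unknown option: $2" >&2; return 2 ;;
    esac
    val=
    if [ -r "$1" ]; then
        # Commented-out lines do not match because their first field starts with '#'.
        val=$(awk -v o="$2" '$1 == o && $2 ~ /^[0-9]+$/ { v = $2 } END { print v }' "$1")
    fi
    echo "${val:-$fallback}"
}

# Rewrite CONF_FILE so it carries exactly one line per TTL option.
set_agent_ttl() {  # usage: set_agent_ttl CONF_FILE IDLE_SECONDS MAX_SECONDS
    for n in "$2" "$3"; do
        case $n in ''|*[!0-9]*) echo "TTL must be an integer: $n" >&2; return 2 ;; esac
    done
    # The idle timer cannot outlive the absolute limit; treat idle > max as a mistake.
    if [ "$2" -gt "$3" ]; then echo "idle TTL exceeds max TTL" >&2; return 2; fi
    tmp=$(mktemp) || return 1
    if [ -f "$1" ]; then
        # Keep every other setting and comment; drop only the old TTL lines.
        grep -Ev '^[[:space:]]*(default|max)-cache-ttl([[:space:]]|$)' "$1" > "$tmp" || true
    fi
    printf 'default-cache-ttl %s\nmax-cache-ttl %s\n' "$2" "$3" >> "$tmp"
    chmod 600 "$tmp" && mv "$tmp" "$1"
}

# Make the running agent re-read its configuration, if GnuPG is installed.
reload_agent() {
    if command -v gpgconf >/dev/null 2>&1; then gpgconf --reload gpg-agent; fi
}
```

Typical use is `set_agent_ttl ~/.gnupg/gpg-agent.conf 28800 86400` followed by `reload_agent` (values here are illustrative). The cache is still empty after every reboot or agent restart, so the passphrase has to be entered once before unattended sends work.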