I’ve tried using the passphrase switch various ways for batch mode. No matter which way I do it, it always prompts me. How do I suppress the prompt? I am on a Windows Server using version 2.1.12
Examples of how I’ve run it…
GPG --decrypt --batch --yes --passphrase-fd 0 FileToDecrypt.enc< Password.Txt
GPG --decrypt --batch --yes --passphrase-file Password.Txt FileToDecrypt.enc
GPG --decrypt --batch --yes --passphrase P@ssw0rd! FileToDecrypt.enc
They all prompt anyway, and I enter the password and it works. I’ve also tried tty switch.
If you are using gnupg 2.1.12 you are not using our distribution (which still ships 2.0.30) but gnupg’s itself.
The problem you are seeing is that gnupg 2.1. needs “allow-loopback-pinentry” in gpg-agent.conf so that applications are allowed to provide their own passprhase this is afaik a security measure against attackers against a possibly ssh forwared gnupg-agent socket.
Open %appdata%\gnupg\gpg-agent.conf → wirte “allow-loopback-pinentry” in there.
Kill gnupg-agent through task manager (or restar). Try out your command.
If it does not work (I’m not sure if the next step is needed):
Open %appdata%\gnupg\gpg.conf → wirte “pinentry-mode loopback” in there.
That should do the trick.
Btw. the reason why this is so weirdly unsupported is because such a setup nearly does never add protection over just file based protection of a key without a passphrase.
Thanks for the help. I will give it a try.