I am new to GPG so I may be going about this all wrong. I have some files I would like to encrypt symmetrically using AES256, but I want to sign them with my GPG key. I need to automate this process, however, so I’m using --batch and I pass the symmetric key after --passphrase. Since it needs to be automated, I’ve disabled passphrase caching by following the steps here. However, this means my script has no way to pass in the passphrase for my GPG private key. My script will be piping the files to gpg so passing the passphrase to gpg via stdin is also not an option.
If there is no reasonable way to pass both the AES password and private key passphrase, I might consider doing this in two steps, with gpg symmetrically encrypting and then a second round of gpg for signing. It seems excessive though, considering gpg can clearly do this in one step if one passes the private key passphrase interactively.
For reference, I’m using gpg2 exclusively and don’t care about backwards compatibility with gpg 1.x.
Here is the command I’m currently using for encryption. It encrypts and signs as expected, but I can only pass it the private key’s passphrase interactively in the text-based dialog "window".
gpg2 --batch --passphrase <my-long-symmetric-password> --sign --symmetric --cipher-algo AES256 plaintext.txt