gpg-agent in gpg2


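I'm trying to future-proof a piece of custom software that performs symmetric encryption/decryption using GPG (currently version 1.4.10). My current encryption command looks like this:

    gpg --batch --no-tty --no-use-agent --symmetric --cipher-algo AES256 --passphrase "foobar" /path/to/file_to_be_encrypted

Without the --no-use-agent option, I get the infamous error message:

    gpg-agent is not available in this session

I'm concerned about moving to gpg2 because, according to the documentation, gpg-agent is always required and --no-use-agent is just a dummy option. My gpg calls are made in the background by a daemon, so this is very much a no-agent scenario (besides, since it is symmetric, I don't need the agent at all).
Documentation at this level of detail is sparse, so I'm looking for user experience. Is gpg2 more tightly integrated with the agent, so that I don't have to worry about its availability?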

You should accept sinharaj's answer. He gave you everything you need to know. - rsaw
1 Answer

  1. The way you invoke gpg2, it might fail if the output file path/to/file_to_be_encrypted.gpg already exists. If you want the file to be overwritten, you should provide the --yes option:

        gpg2 --batch --yes --no-tty --no-use-agent --symmetric --cipher-algo AES256 --passphrase "foobar" /path/to/file_to_be_encrypted

  2. When you are using symmetric encryption (like you do), the passphrase constraints (even if set to enforced by gpg-agent) will not be applied at all—it will just work.

    Say the gpg-agent was run like this (and let the mypasswords file even contain the forbidden pattern that exactly matches your password):

        eval $(gpg-agent --daemon --enforce-passphrase-constraints --min-passphrase-len 8 --min-passphrase-nonalpha 4 --check-passphrase-pattern mypasswords)

    Then your command would still succeed.

    In short: gpg-agent will not make it fail (unless it crashes gpg for some reason—like wrong configuration or missing executable, which you cannot account for).

    EDIT: I've just checked and in symmetric mode gpg2 will work even if gpg-agent is wrongly configured or if the gpg-agent executable is missing.

    This is not related, but just in case: I also verified what happens when you try to change the password of your private key while gpg-agent is missing or is wrongly configured: gpg2 will report a warning, will not even ask for the new passphrase, and continue working.
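
The batch invocation discussed above, extended to cover decryption as well and written so that the passphrase is read from stdin with `--passphrase-fd 0` instead of being placed on the command line. This is an added example, not code from the question or the answer; the function names, the `GPG_BIN` variable and the sample passphrase are assumptions made for illustration, while `--passphrase-fd` and `--pinentry-mode loopback` are existing GnuPG options.

```bash
# Added example: batch symmetric encrypt/decrypt with the passphrase kept out of argv.
# GPG_BIN and every function name below are assumptions made for this illustration.

# Print the extra options a GnuPG version needs so that a --passphrase-fd
# passphrase is used directly: none for 1.4 and 2.0, loopback pinentry for 2.1+.
loopback_args_for_version() {
    local major rest minor
    major="${1%%.*}"; rest="${1#*.}"; minor="${rest%%.*}"
    if [ "$major" -gt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -ge 1 ]; }; then
        echo "--pinentry-mode loopback"
    fi
}

# Options shared by both directions, chosen for the installed binary.
gpg_batch_args() {
    local ver
    ver=$("${GPG_BIN:-gpg}" --version | awk 'NR==1 {print $NF}')
    echo "--batch --yes --no-tty --passphrase-fd 0 $(loopback_args_for_version "$ver")"
}

# sym_encrypt PASSPHRASE INFILE OUTFILE
# printf is a shell builtin, so the passphrase is not passed as a command-line argument.
sym_encrypt() {
    printf '%s\n' "$1" | "${GPG_BIN:-gpg}" $(gpg_batch_args) \
        --symmetric --cipher-algo AES256 --output "$3" "$2"
}

# sym_decrypt PASSPHRASE INFILE OUTFILE
sym_decrypt() {
    printf '%s\n' "$1" | "${GPG_BIN:-gpg}" $(gpg_batch_args) --output "$3" --decrypt "$2"
}

# Round trip over constructed data in a throwaway GNUPGHOME; returns 0 on success.
roundtrip_demo() (
    work=$(mktemp -d) || exit 1
    GNUPGHOME="$work/home"; export GNUPGHOME
    mkdir -m 700 "$GNUPGHOME"
    printf 'constructed sample payload\n' > "$work/plain"
    if sym_encrypt 'constructed-passphrase' "$work/plain" "$work/plain.gpg" 2>/dev/null &&
       sym_decrypt 'constructed-passphrase' "$work/plain.gpg" "$work/out" 2>/dev/null &&
       ! sym_decrypt 'wrong-passphrase' "$work/plain.gpg" "$work/bad" 2>/dev/null &&
       cmp -s "$work/plain" "$work/out"; then rc=0; else rc=1; fi
    # gpg 2.1+ may have auto-started an agent for this home; stop it before cleanup.
    gpgconf --kill gpg-agent >/dev/null 2>&1 || true
    rm -rf "$work"
    exit "$rc"
)
```

Call `roundtrip_demo` to check the installed binary; set `GPG_BIN=gpg2` where the 2.x binary is installed under that name.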

Is there any way to do without gpg-agent for decryption? - liqian
