I'm attempting to futureproof some custom software that utilizes GPG (currently v 1.4.10) to perform symmetric encryption/decryption processes. My current encryption command looks like this:
gpg --batch --no-tty --no-use-agent --symmetric --cipher-algo AES256 --passphrase "foobar" /path/to/file_to_be_encrypted
Without the --no-use-agent option, I get the infamous error message
gpg-agent is not available in this session
I'm concerned about a move to gpg2 because, according to the documentation, the gpg-agent is always required, and --no-use-agent is simply a dummy option. My gpg calls occur in the background via a daemon process, so this is very much a no-agent scenario (plus the fact that it's symmetric, and I have no need of the agent at all).
Documentation at this level of detail is sparse, so I'm looking for user experience. Does gpg2 incorporate the agent more tightly, so that I don't have to worry about its availability?
The way you invoke gpg2, it might fail if the output file path/to/file_to_be_encrypted.gpg already exists. If you want the file to be overwritten, you should provide the --yes option:
gpg2 --batch --yes --no-tty --no-use-agent --symmetric --cipher-algo AES256 --passphrase "foobar" /path/to/file_to_be_encrypted
When you are using symmetric encryption (like you do), the passphrase constraints (even if set to enforced by gpg-agent) will not be applied at all—it will just work.
Say the gpg-agent was run like this (and let the mypasswords file even contain the forbidden pattern that exactly matches your password):
eval $(gpg-agent --daemon --enforce-passphrase-constraints --min-passphrase-len 8 --min-passphrase-nonalpha 4 --check-passphrase-pattern mypasswords)
Then your command would still succeed.
In short: gpg-agent will not make it fail (unless it crashes gpg for some reason—like wrong configuration or missing executable, which you cannot account for).
EDIT: I've just checked and in symmetric mode gpg2 will work even if gpg-agent is wrongly configured or if the gpg-agent executable is missing.
This is not related, but just in case: I also verified what happens when you try to change the password of your private key while gpg-agent is missing or is wrongly configured: gpg2 will report a warning, will not even ask for the new passphrase, and continue working.
Sources:
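An added example, not part of the question or the answer above: a wrapper for the daemon that picks the batch-mode flags from the installed GnuPG version and reads the passphrase from stdin, so it never appears in the process list the way a --passphrase argument does. The function names and the GPG variable are hypothetical; the --pinentry-mode loopback requirement for 2.1 and later comes from the GnuPG manual, not from this page.

```sh
#!/bin/sh
# Added example: version-aware batch symmetric encryption.
# Function names and the GPG variable are hypothetical.

# gpg_major_minor BANNER -> "MAJOR.MINOR" from the first line of `gpg --version`,
# e.g. "gpg (GnuPG) 1.4.10" -> "1.4". Prints nothing if the line does not match.
gpg_major_minor() {
    printf '%s\n' "$1" |
        sed -n '1s/^gpg (GnuPG[^)]*) \([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1.\2/p'
}

# symmetric_flags MAJOR.MINOR -> flags that differ between GnuPG generations.
symmetric_flags() {
    case "$1" in
        *.*) ;;
        *) return 1 ;;                       # unknown version: refuse to guess
    esac
    major=${1%%.*}
    minor=${1#*.}
    if [ "$major" -lt 2 ]; then
        echo "--no-use-agent"                # 1.4.x: do not look for an agent
    elif [ "$major" -eq 2 ] && [ "$minor" -eq 0 ]; then
        :                                    # 2.0.x: --no-use-agent is a dummy
    else
        echo "--pinentry-mode loopback"      # 2.1+: lets gpg take the passphrase itself
    fi
}

# encrypt_file FILE: the passphrase is the first line of stdin (--passphrase-fd 0).
# --yes overwrites an existing FILE.gpg, as the answer above recommends.
encrypt_file() {
    gpg_bin=${GPG:-gpg}
    ver=$(gpg_major_minor "$("$gpg_bin" --version)")
    flags=$(symmetric_flags "$ver") || return 1
    # $flags is left unquoted on purpose so it splits into separate options
    "$gpg_bin" --batch --yes --no-tty $flags --symmetric --cipher-algo AES256 \
        --passphrase-fd 0 "$1"
}
```

The daemon would call it as `encrypt_file /path/to/file_to_be_encrypted < /path/to/passphrase_file`, with the passphrase file readable only by the daemon's user.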