gpg decryption giving error in LINUX “can't query passphrase in batch mode”

Question

Hi im using gpg to decrypt a file in linux, im using

shell_exec("gpg --batch --passphrase-file $passphrase_file -d $encrypted_file"); 

to decrypt the file, but im getting the following errors.

gpg: gpg-agent is not available in this session
gpg: can't query passphrase in batch mode
gpg: Invalid passphrase; please try again ...
gpg: can't query passphrase in batch mode
gpg: Invalid passphrase; please try again ...
gpg: can't query passphrase in batch mode

Answer 1

This error makes it appear that the commaand doesnt like to be run using shell_exec (similar to how sudo/ssh warns about needing a tyy when run with shell_exec)::

gpg: gpg-agent is not available in this session

What happens if u run it directly from the shell prompt?

Also, make sure your not in safe mode:

shell_exec() (functional equivalent of backticks) This function is disabled when PHP is running in safe mode.

Check with phpinfo()

---

check that the function is not disabled:

$ grep 'disable_functions' /etc/php.ini

---

Edit:

Also, try using putenv to point GNUPGHOME to your .gnupg folder.

It could be that the php script is being run as the httpd user and the gpg is expecting the 'user' user for your site.

Answer 2

I ran into a similar problem calling gpg from cron. The command works fine when run from the command line or from a shell script. Running the command from cron fails with the same errors you're getting. Two resources I found were a good gpg cheetsheet And this answer on serverfault

I was able to get it to work after generating a gpg key.

gpg --gen-key

And then encrypt with:

gpg -e -r name@domain.tld backup_file.tgz