2

As the title says, I need to replicate GPA's "Sign and Compress" option on the command line. I'm trying to automate some encryption of files for submission to a bank and the instructions they gave me are to use the Sign and Compress option in GPA. I've spent quite a bit of time reading through the documentation for GPG and I can't figure it out. The closest I've gotten to it is

gpg --batch --passphrase *********** -a -se
  • Just out of curiosity: what bank is offering OpenPGP? – Jens Erat Dec 15 '14 at 23:59
  • I'm implementing a program to generate and send NACHA files. All the banks I'm working with require pgp encryption. – Morgan Thrapp Dec 16 '14 at 00:01
  • Wasn't aware of that standard up to now, which is not surprising from a European point of view as there are totally other systems in use over here. Thank you for the background! – Jens Erat Dec 16 '14 at 00:13

2 Answers

1

GPA only wraps GnuPG itself, thus all operations are (somehow) possible using the bare gpg command line application.

I guess you're not after sign and compress, but sign and encrypt. Compression is added automatically before encrypting clear text messages. Compression could be enforced by adding an --compression-algorithm zip parameter (the only algorithm that must be understood by all OpenPGP implementations).

Regarding sign and encrypt, you will have to define the recipient and use both the --encrypt and --sign commands, or their respective short forms -e and -s. In the end, all you missed is the recipient:

gpg --recipient [uid/key-id] --sign --encrypt

For automating the encryption and passing a passphrase, you already found the required options. -a or --ascii adds ASCII armoring, which usually is not required but might prevent some transmission issues sometimes, but enlarges the file a little bit.

Jens Erat
  • Where would I find the recipient then? In GPA and Kleopatra it just shows it as Our Company Name /Companyemail@domain.com. I tried that, but it shows it as an invalid recipient. Which makes sense. – Morgan Thrapp Dec 16 '14 at 01:12
  • You should be able to either use their mail address, or look up their key and use the key's key ID (which should be presented somewhere near it). For automated processes, better directly use the recipient's full fingerprint. And actually, you should be able to request the fingerprint from the recipient, and if he cares he will tell you in some secure way (so not an unsigned, untrusted e-mail, maybe a letter or in person). – Jens Erat Dec 16 '14 at 01:21
  • Alright, thanks. I think I have the key already, I'll take a look in the morning. – Morgan Thrapp Dec 16 '14 at 01:38
  • I actually ended up needing the -u option and -s. Now I just need to figure out how to use -a and still have it output a .gpg. – Morgan Thrapp Dec 16 '14 at 16:07
  • By default GnuPG prints to stdout. If you want an ASCII-armored file with name .gpg, either use a pipe (`gpg ... >file.gpg`) or the `-o` option. By the way, `man gpg` explains all those options, although being rather long. – Jens Erat Dec 16 '14 at 17:08
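
The pieces from this answer and its comments (recipient by full fingerprint, `-u`, armor, `-o` to a `.gpg` file) combined into one batch call, as an added example that is not part of the original thread. It assumes GnuPG 2.1 or later for `--pinentry-mode loopback`; the function names and script layout are illustrative, and it reads the passphrase from a file because a `--passphrase` argument is visible in the process list.

```shell
#!/bin/sh
# Added example (not from the thread): batch sign + encrypt with GnuPG 2.1+.
GPG=${GPG:-gpg}   # overridable, e.g. GPG=echo to inspect the command line

# A full v4 fingerprint is 40 hex digits. Short key IDs and e-mail
# addresses can match more than one key, so they are rejected here.
is_fingerprint() {
    [ "${#1}" -eq 40 ] || return 1
    case $1 in
        *[!0-9A-Fa-f]*) return 1 ;;
    esac
    return 0
}

# sign_encrypt SIGNER_FPR RECIPIENT_FPR PASSFILE INFILE OUTFILE
sign_encrypt() {
    signer=$1; recipient=$2; passfile=$3; infile=$4; outfile=$5
    is_fingerprint "$signer" ||
        { echo "signer must be a full fingerprint" >&2; return 2; }
    is_fingerprint "$recipient" ||
        { echo "recipient must be a full fingerprint" >&2; return 2; }
    [ -r "$passfile" ] || { echo "cannot read passphrase file" >&2; return 3; }
    [ -r "$infile" ] || { echo "cannot read input file" >&2; return 3; }

    # --passphrase-file keeps the passphrase out of the process list,
    # unlike --passphrase on the command line. --compress-algo and
    # --armor (-a) are the option spellings given in the gpg man page.
    "$GPG" --batch --pinentry-mode loopback \
        --passphrase-file "$passfile" \
        --local-user "$signer" \
        --recipient "$recipient" \
        --compress-algo zip \
        --armor \
        --output "$outfile" \
        --sign --encrypt "$infile"
}

# Runs only when given all five arguments, for example:
#   sh sign_encrypt.sh SIGNER_FPR BANK_FPR pass.txt payments.ach payments.ach.gpg
if [ "$#" -eq 5 ]; then
    sign_encrypt "$@"
fi
```

In batch mode gpg refuses to encrypt to a key it does not consider valid, so the bank's public key has to be imported and its fingerprint verified and certified before the script is scheduled.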
0

Why not install Gpg4win?

It includes The GNU Privacy Assistant (GPA).

Then you can use the exact instructions from the bank.

DavidPostill
  • I have that installed. From what I've found, you can't use GPA from the command line. That's my problem. I need to be able to automate it. – Morgan Thrapp Dec 15 '14 at 21:22