7

I would like to encrypt a string without writing it to a file.

The way to encrypt a file using GPG is

```
gpg --encrypt --sign --armor -r <target@email.com> -r <sender@email.com> <filename.txt>
```

What I would like is to be able to simply type in a string or a series of numbers where filename.txt is, and have it encrypt that into a file.

```
gpg --encrypt --sign --armor -r <target@email.com> -r <sender@email.com> <"this is a string that needs to be encrypted">
```

Is there a way to do this, or is passing in the filename.txt required?

JSpicky
  • possible duplicate of [How can I force GPG to accept input from STDIN instead of trying to open a file?](http://stackoverflow.com/questions/6981589/how-can-i-force-gpg-to-accept-input-from-stdin-instead-of-trying-to-open-a-file) – user3467349 Jan 21 '15 at 23:40
  • 1
    The questions might be similar, but especially the answer is not, being very PHP specific (for general use, piping is a much simpler solution which automatically generates and connects the required file descriptors). – Jens Erat Jan 22 '15 at 09:00

2 Answers

7

I'm not aware of any option that allows you to pass input as a parameter, but you can simply use a pipe instead:

```
echo 'foo bar' | gpg -r target@example.com --encrypt
```

You can of course add all the additional options and commands you used. By using a pipe, the output is not stored as an intermediate file, but `echo`'s stdout and `gpg`'s stdin get connected using a small in-memory buffer.

Jens Erat
  • A warning about using gpg this way: while gpg is running, anyone on the system will be able to see the text you are encrypting by inspecting the args of running processes, e.g., with `ps`. This is why people generally stick to using temp files. – rsaw Jan 22 '15 at 15:01
  • It seems that using a temp file is the best way. Never knew about those. – JSpicky Jan 22 '15 at 18:11
  • 2
    I guessed you have output from another process anyway (`echo` is just used for getting example output here) -- here, piping would be totally fine. Otherwise in a script context, using pipes similar to what is proposed in the linked answer. If you're creating temp files, make sure to use appropriate system calls which (1) make sure they're not world-readable, (2) are removed afterwards and (3) consider the fact they might not be overwritten during deletion, even if you overwrite them on your own (especially on copy-on-write file systems). – Jens Erat Jan 22 '15 at 18:28
  • @rsaw, that's a good point to keep in mind. But I tested with `ps`, and the `echo ...` process has already terminated when `gpg` is running. (This is easy to test if the output file already exists, because `gpg` process will wait for user prompt whether to overwrite the output file.) Only the `gpg` args show up in `ps`. – wisbucky Dec 03 '19 at 01:53
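
An added example, not part of the original posts: the pipe approach from the answer above, wrapped in shell functions that also cover the points raised in the comments (plaintext kept out of process arguments, output file not world-readable, no stop at gpg's overwrite prompt). The function names and the `GPG_BIN` override are assumptions made for this example.

```bash
# Added example, not code from the posts above.
# GPG_BIN is a hypothetical override for the gpg binary (default: gpg).

# encrypt_string RECIPIENT OUTFILE   (plaintext is read from stdin)
# The plaintext is never a command-line argument, so it cannot appear in
# `ps` output; only the gpg options do.
encrypt_string() {
    es_recipient=$1
    es_outfile=$2
    if [ -z "$es_recipient" ] || [ -z "$es_outfile" ]; then
        echo "usage: encrypt_string RECIPIENT OUTFILE < plaintext" >&2
        return 2
    fi
    # Fail early rather than have gpg stop at its overwrite prompt.
    if [ -e "$es_outfile" ]; then
        echo "refusing to overwrite $es_outfile" >&2
        return 1
    fi
    # Subshell: the restrictive umask applies to this gpg run only, so the
    # output file is created readable and writable by its owner alone.
    (
        umask 077
        "${GPG_BIN:-gpg}" --batch --armor --encrypt \
            -r "$es_recipient" -o "$es_outfile"
    )
}

# encrypt_prompted RECIPIENT OUTFILE
# Reads one line from the terminal with echo off and pipes it to
# encrypt_string. printf is a builtin in bash and dash, so no process is
# started with the string in its argument list.
encrypt_prompted() {
    [ -t 0 ] || { echo "encrypt_prompted needs a terminal" >&2; return 2; }
    ep_tty=$(stty -g)
    trap 'stty "$ep_tty"' INT TERM      # put echo back if interrupted
    printf 'String to encrypt: ' >&2
    stty -echo
    IFS= read -r ep_secret
    ep_status=$?
    stty "$ep_tty"
    trap - INT TERM
    printf '\n' >&2
    [ "$ep_status" -eq 0 ] || return 1
    printf '%s\n' "$ep_secret" | encrypt_string "$1" "$2"
    ep_status=$?
    unset ep_secret
    return "$ep_status"
}
```

Typical use is `some_command | encrypt_string target@example.com out.asc`, or `encrypt_prompted target@example.com out.asc` to type the string in.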
4

If you are using bash, you can use the HEREDOC syntax, which is useful for multiline strings. You can just copy and paste the multiline string without having to worry about escaping.

```
gpg -r target@email.com --encrypt -o out.gpg << 'HEREDOC'
first line
second line
HEREDOC
```
r_31415
wisbucky