turtlemonvh/gpg_encrypt_no_prompt.sh

## gpg_encrypt_no_prompt.sh
## Based on: https://unix.stackexchange.com/questions/60213/gpg-asks-for-password-even-with-passphrase
## The key in this case may come from an API call (e.g., AWS KMS)

# Create test file
$ cat > testfile.txt <<EOF
Hi there, my name is Timothy
This is another line
EOF

# Encrypt
$ gpg --batch --yes --passphrase-file <(cat gpgpassphrase.txt) --output testfile.txt.gpg --cipher-algo AES256 --digest-algo SHA512 --symmetric testfile.txt
$ gpg --batch --yes --passphrase-file <(cat gpgpassphrase.txt) --output testfile.txt.gpg.2 --cipher-algo AES256 --digest-algo SHA512 --symmetric testfile.txt

# Decrypt
$ gpg --batch --yes --passphrase-file <(cat gpgpassphrase.txt) --output testfile.txt.gpg.dec --decrypt testfile.txt.gpg
gpg: AES256 encrypted data
gpg: encrypted with 1 passphrase
$ gpg --batch --yes --passphrase-file <(cat gpgpassphrase.txt) --output testfile.txt.gpg.dec.2 --decrypt testfile.txt.gpg.2
gpg: AES256 encrypted data
gpg: encrypted with 1 passphrase

# Note the encrypted contents are different (expected since the nonces are random)
# The decrypted outputs are all the same
$ md5sum testfile.txt*
cf0ffeff144cd64faec3f0463789d2bd  testfile.txt
4f78175308610ab71f4f1a92995a77b1  testfile.txt.gpg
db77c5f6a04a3a8233077e7d9acbac96  testfile.txt.gpg.2
cf0ffeff144cd64faec3f0463789d2bd  testfile.txt.gpg.dec
cf0ffeff144cd64faec3f0463789d2bd  testfile.txt.gpg.dec.2

$ cat /etc/os-release
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"

CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"
	## Based on: https://unix.stackexchange.com/questions/60213/gpg-asks-for-password-even-with-passphrase
	## The key in this case may come from an API call (e.g., AWS KMS)

	# Create test file
	$ cat > testfile.txt <<EOF
	Hi there, my name is Timothy
	This is another line
	EOF

	# Encrypt
	$ gpg --batch --yes --passphrase-file <(cat gpgpassphrase.txt) --output testfile.txt.gpg --cipher-algo AES256 --digest-algo SHA512 --symmetric testfile.txt
	$ gpg --batch --yes --passphrase-file <(cat gpgpassphrase.txt) --output testfile.txt.gpg.2 --cipher-algo AES256 --digest-algo SHA512 --symmetric testfile.txt

	# Decrypt
	$ gpg --batch --yes --passphrase-file <(cat gpgpassphrase.txt) --output testfile.txt.gpg.dec --decrypt testfile.txt.gpg
	gpg: AES256 encrypted data
	gpg: encrypted with 1 passphrase
	$ gpg --batch --yes --passphrase-file <(cat gpgpassphrase.txt) --output testfile.txt.gpg.dec.2 --decrypt testfile.txt.gpg.2
	gpg: AES256 encrypted data
	gpg: encrypted with 1 passphrase

	# Note the encrypted contents are different (expected since the nonces are random)
	# The decrypted outputs are all the same
	$ md5sum testfile.txt*
	cf0ffeff144cd64faec3f0463789d2bd testfile.txt
	4f78175308610ab71f4f1a92995a77b1 testfile.txt.gpg
	db77c5f6a04a3a8233077e7d9acbac96 testfile.txt.gpg.2
	cf0ffeff144cd64faec3f0463789d2bd testfile.txt.gpg.dec
	cf0ffeff144cd64faec3f0463789d2bd testfile.txt.gpg.dec.2

	$ cat /etc/os-release
	NAME="CentOS Linux"
	VERSION="7 (Core)"
	ID="centos"
	ID_LIKE="rhel fedora"
	VERSION_ID="7"
	PRETTY_NAME="CentOS Linux 7 (Core)"
	ANSI_COLOR="0;31"
	CPE_NAME="cpe:/o:centos:centos:7"
	HOME_URL="https://www.centos.org/"
	BUG_REPORT_URL="https://bugs.centos.org/"

	CENTOS_MANTISBT_PROJECT="CentOS-7"
	CENTOS_MANTISBT_PROJECT_VERSION="7"
	REDHAT_SUPPORT_PRODUCT="centos"
	REDHAT_SUPPORT_PRODUCT_VERSION="7"