1. 首页
  2. 服务器

gpg加解密批处理文件

pgp 在做解密和加密的时候,命令行的方式总是需要手动输入密码和指定ID,比较繁琐,所以写了一个自动脚本。
比较有意思的地方是:
setlocal enabledelayedexpansion 变量延迟和!变量!的使用。同样的方式可以读入文本文件中不同行的内容来赋值变量

@echo off

:: todo
setlocal enabledelayedexpansion
set /a j=0
for /f "delims=" %%i in (ps.txt) do (
set /a j+=1
rem set /a j+=1
rem echo !j!
rem echo %%i
if !j!==1 set ps=%%i
rem if !j!==2 set txt=%%i

)
rem echo %ps%
rem echo %txt%
set inputfile=%1%
echo -----------------------------------------------------------
echo Decrypt the pgp file from WideVine portal - %inputfile%
echo -----------------------------------------------------------
echo;
set outputfile=%inputfile:~0,-28%xml
rem echo Output file - %outputfile%

gpg --passphrase %ps% --decrypt %inputfile% > %outputfile%
echo -----------------------------------------------------------
echo Decrypt the pgp file successfully.
echo -----------------------------------------------------------
echo -----------------------------------------------------------
echo Encrypt the %outputfile% with customer key
echo -----------------------------------------------------------
echo;

gpg -r widevine_keys -e %outputfile%
rm %outputfile%

但是存在一个问题,在最后加密文件的时候,gpg总是出现下列提示并要求选择y/n
It is NOT certain that the key belongs to the person named
in the user ID. If you really know what you are doing,
you may answer the next question with yes.

Use this key anyway? (y/N) y

查了下发现是因为key没有信任的原因,操作如下:
gpg --edit-key key-uid
然后gpg会列出key信息:
Secret key is available.

pub 2048R/B89A8C48 created: 2018-03-07 expires: never usage: SC
trust: ultimate validity: ultimate
sub 2048R/F13C4008 created: 2018-03-07 expires: never usage: E
[ultimate] (1). Jacky Wang <widevinekeys@harman.com>

Invalid command (try "help")
gpg >

然后输入trust,回车会显示:
Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)

1 = I don't know or won't say
2 = I do NOT trust
3 = I trust marginally
4 = I trust fully
5 = I trust ultimately
m = back to the main menu

Your decision?
输入5,然后回车,然后加密就不会总是会有提示问题了。

Google的WV portal不久前更改了流程,之前是需要上传一个device id的文件,然后生成的key会根据上传的device id(使用设备的mac address)依次生成。但是现在不需要了,只需要输入要生成多少个key,然后device id就默认从0开始递增。工厂生产的脚本就得修改,为了减少冲突只有写个预处理的脚本,将mac地址替换到递增的device id。
这样脚本复杂很多,用了多个for /f循环来获取同一行中的不同段内容,然后在使用重定向输出。

问题汇总:
for /f 循环中的内部变量有时候能给外部变量赋值,有时候不行,比如num一切正常,但是当想把不同段的内容也赋值到变量str1/2/3,然后在最后通过字符串操作str1/2/3却始终有问题,str不能获得赋值。不知道原因

文件内容如下:
<?xml version="1.0"?>
<Widevine>
<NumberOfKeyboxes>2412</NumberOfKeyboxes>
<Keybox DeviceID="device_id_0"><Key>c5f4edc5ff57aff896abf7adf42c3481</Key><ID>000000020000206

脚本
for /f skip^=2^ tokens^=1^,3^ delims^=^>^< %%m in (%xmlfile%) do (
rem echo %%m >> num.txt
set num=%%m
set num1=%%n
goto gg
)
:gg
rem echo Find %num% keys from XML file.
echo num=%num1%
echo num1=%num1%

试了试几个case,打印分别如下

for /f skip^=2^ tokens^=1^-3^ delims^=^>^< %%m in (%xmlfile%) do (
...
num=NumberOfKeyboxes
num1=2412

for /f skip^=2^ tokens^=1^,3^ delims^=^>^< %%m in (%xmlfile%) do (
...
num=NumberOfKeyboxes
num1=/NumberOfKeyboxes

for /f skip^=2^ tokens^=2^ delims^=^>^< %%m in (%xmlfile%) do (

num=2412
num1=%n
到此为止一切正常。

接着想把<Keybox DeviceID="device_id_0"><Key>c5f4edc5ff57aff896abf7adf42c3481</Key><ID>000000020000206
这部分内容按照双引分成三段,第一和第二保持不变,替换第二段为mac地址。

for /f skip^=3^ tokens^=1^,3^ delims^=^"^" %%m in (%xmlfile%) do (
rem echo %%m
set str1=%%m
set str3=%%n
set str5=%%o
goto cc
)
:cc
echo str1=%str1%
echo str3=%str3%
echo str5=%str5%
.... 报错
Find 2412 keys from XML file.
The system cannot find the file specified.
< was unexpected at this time.

试试其他办法
for /f skip^=3^ tokens^=1^-3^ delims^=^"^" %%m in (%xmlfile%) do (
... str3正确,str1不成功
The system cannot find the file specified.
str3=device_id_0
str5=%o

for /f skip^=3^ tokens^=1^ delims^=^"^" %%m in (%xmlfile%) do (
...str1拿不到
The system cannot find the file specified.
str3=%n

for /f skip^=3^ tokens^=2^ delims^=^"^" %%m in (%xmlfile%) do (
...str1正确
str1=device_id_0
str3=%n

for /f skip^=3^ tokens^=3^ delims^=^"^" %%m in (%xmlfile%) do (
... str1报错
< was unexpected at this time.

只有tokens为2的情况下,似乎获取没有问题,其余case都不行,原因不得而知。

接着我试图获取一整行,然后用字符串处理函数来实现功能,但是发现即便是获取整行仍然出现问题,

for /f "skip=3 delims=" %%m in (%xmlfile%) do (
rem echo %%m 此处打印能正常打印出内容
set str1=%%m
goto cc
)
:cc
echo str1=%str1%

... 整行内容得不到,但是在for循环内部能正常打印%%m的内容。
< was unexpected at this time.

最终能工作的脚本如下:

@echo off
:todo
rem get gpg key password from ps.txt
setlocal enabledelayedexpansion
set /a j=0
for /f "delims=" %%i in (ps.txt) do (
set /a j+=1
rem set /a j+=1
rem echo !j!
rem echo %%i
if !j!==1 set ps=%%i
rem if !j!==2 set txt=%%i

)
rem echo %ps%
rem echo %txt%
set para=%1%
if %para%==-r (
set inputfile=%2%
) else (
set inputfile=%1%
)
echo -----------------------------------------------------------
echo Decrypt the pgp file from WideVine portal - %inputfile%
echo -----------------------------------------------------------
echo;
rem xxxx.txt.1540199541676.output.pgp

set xmlfile=%inputfile:~0,-28%xml
set macfile=%inputfile:~0,-28%txt
set tmpfile=%inputfile:~0,-28%tmp

echo TXTfile - %txtfile% XMLfile - %xmlfile%

gpg --passphrase %ps% --decrypt %inputfile% > %xmlfile%

if %para%==-r (
goto hh
) else (
goto ii
)

goto eof
:hh
echo -----------------------------------------------------------
echo Preprocess - %xmlfile% to replace device ID with mac address from %macfile%
echo -----------------------------------------------------------
setlocal enabledelayedexpansion
set /a j=0
set /a k=3
set /a l=0

for /f "delims=" %%i in (%xmlfile%) do (
set /a j+=1
if !j!==4 goto aa
echo %%i >> %tmpfile%
)

:aa
for /f skip^=2^ tokens^=2^ delims^=^>^< %%m in (%xmlfile%) do (
rem echo %%m >> num.txt
set num=%%m
goto gg
)
:gg
echo Find %num% keys from XML file.
:bb

rem goto eof
rem echo first time %l%

for /f skip^=%k%^ tokens^=1^ delims^=^"^" %%m in (%xmlfile%) do (
rem echo %%m
if %%m == ^<^/Widevine^> (
rem >>%tmpfile% set /p="</Widevine>"<nul
echo %%m>>%tmpfile%
goto ff
)
rem echo %%m >> %tmpfile%
set /p=%%m<nul>>%tmpfile%
rem set str=%%m
rem >>%tmpfile% set /p=%%m<nul
rem echo %str1%
rem echo %str3%
goto cc
)

:cc

if !l!==0 (
for /f "delims=" %%a in (%macfile%) do (
rem echo %%a
rem echo "%%a" >> %tmpfile%
rem >>%tmpfile% set /p=%%a<nul
set /p=""%%a""<nul>>%tmpfile%
rem set str2=%%a
goto dd
)
) else (
for /f "skip=%l% delims=" %%a in (%macfile%) do (
rem echo %%a
rem echo "%%a" >> %tmpfile%
rem >>%tmpfile% set /p=%%a<nul
set /p=""%%a""<nul>>%tmpfile%
rem set str2=%%a
goto dd
)
)
:dd

for /f skip^=%k%^ tokens^=3^ delims^=^"^" %%n in (%xmlfile%) do (
rem echo %%n
rem echo %%n >> %tmpfile%
set /p=%%n<nul>>%tmpfile%
rem set str3=%%n
goto ee
)
rem echo %str2%
rem echo %%a
rem echo %%m"%%a"%%n >> %tmpfile%
:ee

set /a k+=1
set /a l+=1
echo.>>%tmpfile%
goto bb

:ff
rem echo %%i%%a%%j >> %tmpfile%
rem rm %xmlfile%
rem ren %tmpfile% %xmlfile%
rem echo "</Widevine>" >> %tmpfile%
if !l!==%num% (
echo Total !l! keys generated!
rm %xmlfile%
ren %tmpfile% %xmlfile%
) else (
echo Error: Key number not match, please check!
goto eof
)

:ii
echo -----------------------------------------------------------
echo Decrypt the pgp file successfully.
echo -----------------------------------------------------------
echo -----------------------------------------------------------
echo Encrypt the %xmlfile% with customer key
echo -----------------------------------------------------------
echo;

gpg -r widevine_keys -e %xmlfile%
rm %xmlfile%

:eof

在Mac OS上脚本需要略微修改key.sh如下:
#!/bin/bash

#file="./PS.txt"
file="/Users/jackywang/Documents/GPG/Harman/PS.txt"
if [[ -f "$file" ]];
then
#read it
while IFS= read line;
do
ps="$line"
done < "$file"
else
echo "password file not exist!!!"
exit
fi

inputfile=$1
echo $inputfile
#inputlen=$inputfile.length

echo -----------------------------------------------------------
echo Decrypt the pgp file from WideVine portal - $inputfile
echo -----------------------------------------------------------
echo;
extstr=${inputfile:0-28:28}

xmlfile=${inputfile/%$extstr/xml}
macfile=${inputfile/%$extstr/txt}
tmpfile=${inputfile/%$extstr/tmp}

echo TXTfile - $macfile XMLfile - $xmlfile

gpg --passphrase $ps --decrypt $inputfile > $xmlfile

echo -----------------------------------------------------------
echo Decrypt the pgp file successfully.
echo -----------------------------------------------------------
echo -----------------------------------------------------------
echo Encrypt the %xmlfile% with customer key
echo -----------------------------------------------------------
echo;

gpg -r widevine_keys -e $xmlfile
rm $xmlfile

原创文章,作者:夜风博客,如若转载,请注明出处:https://www.homedt.net/16602.html

联系我们

联系QQ:28575315