gpg加解密批處理文件

pgp 在做解密和加密的時候，命令行的方式總是需要手動輸入密碼和指定ID，比較繁瑣，所以寫了一個自動腳本。
比較有意思的地方是：
setlocal enabledelayedexpansion 變量延遲和！變量！的使用。同樣的方式可以讀入文本文件中不同行的內(nèi)容來賦值變量

@echo off

:: todo
setlocal enabledelayedexpansion
set /a j=0
for /f "delims=" %%i in (ps.txt) do (
set /a j+=1
rem set /a j+=1
rem echo !j!
rem echo %%i
if !j!==1 set ps=%%i
rem if !j!==2 set txt=%%i

)
rem echo %ps%
rem echo %txt%
set inputfile=%1%
echo -----------------------------------------------------------
echo Decrypt the pgp file from WideVine portal - %inputfile%
echo -----------------------------------------------------------
echo;
set outputfile=%inputfile:~0,-28%xml
rem echo Output file - %outputfile%

gpg --passphrase %ps% --decrypt %inputfile% > %outputfile%
echo -----------------------------------------------------------
echo Decrypt the pgp file successfully.
echo -----------------------------------------------------------
echo -----------------------------------------------------------
echo Encrypt the %outputfile% with customer key
echo -----------------------------------------------------------
echo;

gpg -r widevine_keys -e %outputfile%
rm %outputfile%

但是存在一個問題，在最后加密文件的時候，gpg總是出現(xiàn)下列提示并要求選擇y/n
It is NOT certain that the key belongs to the person named
in the user ID. If you really know what you are doing,
you may answer the next question with yes.

Use this key anyway? (y/N) y

查了下發(fā)現(xiàn)是因為key沒有信任的原因，操作如下：
gpg --edit-key key-uid
然后gpg會列出key信息：
Secret key is available.

pub 2048R/B89A8C48 created: 2018-03-07 expires: never usage: SC
trust: ultimate validity: ultimate
sub 2048R/F13C4008 created: 2018-03-07 expires: never usage: E
[ultimate] (1). Jacky Wang <widevinekeys@harman.com>

Invalid command (try "help")
gpg >

然后輸入trust，回車會顯示：
Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)

1 = I don't know or won't say
2 = I do NOT trust
3 = I trust marginally
4 = I trust fully
5 = I trust ultimately
m = back to the main menu

Your decision?
輸入5，然后回車，然后加密就不會總是會有提示問題了。

Google的WV portal不久前更改了流程，之前是需要上傳一個device id的文件，然后生成的key會根據(jù)上傳的device id（使用設(shè)備的mac address）依次生成。但是現(xiàn)在不需要了，只需要輸入要生成多少個key，然后device id就默認從0開始遞增。工廠生產(chǎn)的腳本就得修改，為了減少沖突只有寫個預處理的腳本，將mac地址替換到遞增的device id。
這樣腳本復雜很多，用了多個for /f循環(huán)來獲取同一行中的不同段內(nèi)容，然后在使用重定向輸出。

問題匯總：
for /f 循環(huán)中的內(nèi)部變量有時候能給外部變量賦值，有時候不行，比如num一切正常，但是當想把不同段的內(nèi)容也賦值到變量str1/2/3，然后在最后通過字符串操作str1/2/3卻始終有問題，str不能獲得賦值。不知道原因

文件內(nèi)容如下：
<?xml version="1.0"?>
<Widevine>
<NumberOfKeyboxes>2412</NumberOfKeyboxes>
<Keybox DeviceID="device_id_0"><Key>c5f4edc5ff57aff896abf7adf42c3481</Key><ID>000000020000206

腳本
for /f skip^=2^ tokens^=1^,3^ delims^=^>^< %%m in (%xmlfile%) do (
rem echo %%m >> num.txt
set num=%%m
set num1=%%n
goto gg
)
:gg
rem echo Find %num% keys from XML file.
echo num=%num1%
echo num1=%num1%

試了試幾個case，打印分別如下

for /f skip^=2^ tokens^=1^-3^ delims^=^>^< %%m in (%xmlfile%) do (
...
num=NumberOfKeyboxes
num1=2412

for /f skip^=2^ tokens^=1^,3^ delims^=^>^< %%m in (%xmlfile%) do (
...
num=NumberOfKeyboxes
num1=/NumberOfKeyboxes

for /f skip^=2^ tokens^=2^ delims^=^>^< %%m in (%xmlfile%) do (

num=2412
num1=%n
到此為止一切正常。

接著想把<Keybox DeviceID="device_id_0"><Key>c5f4edc5ff57aff896abf7adf42c3481</Key><ID>000000020000206
這部分內(nèi)容按照雙引分成三段，第一和第二保持不變，替換第二段為mac地址。

for /f skip^=3^ tokens^=1^,3^ delims^=^"^" %%m in (%xmlfile%) do (
rem echo %%m
set str1=%%m
set str3=%%n
set str5=%%o
goto cc
)
:cc
echo str1=%str1%
echo str3=%str3%
echo str5=%str5%
.... 報錯
Find 2412 keys from XML file.
The system cannot find the file specified.
< was unexpected at this time.

試試其他辦法
for /f skip^=3^ tokens^=1^-3^ delims^=^"^" %%m in (%xmlfile%) do (
... str3正確，str1不成功
The system cannot find the file specified.
str3=device_id_0
str5=%o

for /f skip^=3^ tokens^=1^ delims^=^"^" %%m in (%xmlfile%) do (
...str1拿不到
The system cannot find the file specified.
str3=%n

for /f skip^=3^ tokens^=2^ delims^=^"^" %%m in (%xmlfile%) do (
...str1正確
str1=device_id_0
str3=%n

for /f skip^=3^ tokens^=3^ delims^=^"^" %%m in (%xmlfile%) do (
... str1報錯
< was unexpected at this time.

只有tokens為2的情況下，似乎獲取沒有問題，其余case都不行，原因不得而知。

接著我試圖獲取一整行，然后用字符串處理函數(shù)來實現(xiàn)功能，但是發(fā)現(xiàn)即便是獲取整行仍然出現(xiàn)問題，

for /f "skip=3 delims=" %%m in (%xmlfile%) do (
rem echo %%m 此處打印能正常打印出內(nèi)容
set str1=%%m
goto cc
)
:cc
echo str1=%str1%

... 整行內(nèi)容得不到，但是在for循環(huán)內(nèi)部能正常打印%%m的內(nèi)容。
< was unexpected at this time.

最終能工作的腳本如下：

@echo off
:todo
rem get gpg key password from ps.txt
setlocal enabledelayedexpansion
set /a j=0
for /f "delims=" %%i in (ps.txt) do (
set /a j+=1
rem set /a j+=1
rem echo !j!
rem echo %%i
if !j!==1 set ps=%%i
rem if !j!==2 set txt=%%i

)
rem echo %ps%
rem echo %txt%
set para=%1%
if %para%==-r (
set inputfile=%2%
) else (
set inputfile=%1%
)
echo -----------------------------------------------------------
echo Decrypt the pgp file from WideVine portal - %inputfile%
echo -----------------------------------------------------------
echo;
rem xxxx.txt.1540199541676.output.pgp

set xmlfile=%inputfile:~0,-28%xml
set macfile=%inputfile:~0,-28%txt
set tmpfile=%inputfile:~0,-28%tmp

echo TXTfile - %txtfile% XMLfile - %xmlfile%

gpg --passphrase %ps% --decrypt %inputfile% > %xmlfile%

if %para%==-r (
goto hh
) else (
goto ii
)

goto eof
:hh
echo -----------------------------------------------------------
echo Preprocess - %xmlfile% to replace device ID with mac address from %macfile%
echo -----------------------------------------------------------
setlocal enabledelayedexpansion
set /a j=0
set /a k=3
set /a l=0

for /f "delims=" %%i in (%xmlfile%) do (
set /a j+=1
if !j!==4 goto aa
echo %%i >> %tmpfile%
)

:aa
for /f skip^=2^ tokens^=2^ delims^=^>^< %%m in (%xmlfile%) do (
rem echo %%m >> num.txt
set num=%%m
goto gg
)
:gg
echo Find %num% keys from XML file.
:bb

rem goto eof
rem echo first time %l%

for /f skip^=%k%^ tokens^=1^ delims^=^"^" %%m in (%xmlfile%) do (
rem echo %%m
if %%m == ^<^/Widevine^> (
rem >>%tmpfile% set /p="</Widevine>"<nul
echo %%m>>%tmpfile%
goto ff
)
rem echo %%m >> %tmpfile%
set /p=%%m<nul>>%tmpfile%
rem set str=%%m
rem >>%tmpfile% set /p=%%m<nul
rem echo %str1%
rem echo %str3%
goto cc
)

:cc

if !l!==0 (
for /f "delims=" %%a in (%macfile%) do (
rem echo %%a
rem echo "%%a" >> %tmpfile%
rem >>%tmpfile% set /p=%%a<nul
set /p=""%%a""<nul>>%tmpfile%
rem set str2=%%a
goto dd
)
) else (
for /f "skip=%l% delims=" %%a in (%macfile%) do (
rem echo %%a
rem echo "%%a" >> %tmpfile%
rem >>%tmpfile% set /p=%%a<nul
set /p=""%%a""<nul>>%tmpfile%
rem set str2=%%a
goto dd
)
)
:dd

for /f skip^=%k%^ tokens^=3^ delims^=^"^" %%n in (%xmlfile%) do (
rem echo %%n
rem echo %%n >> %tmpfile%
set /p=%%n<nul>>%tmpfile%
rem set str3=%%n
goto ee
)
rem echo %str2%
rem echo %%a
rem echo %%m"%%a"%%n >> %tmpfile%
:ee

set /a k+=1
set /a l+=1
echo.>>%tmpfile%
goto bb

:ff
rem echo %%i%%a%%j >> %tmpfile%
rem rm %xmlfile%
rem ren %tmpfile% %xmlfile%
rem echo "</Widevine>" >> %tmpfile%
if !l!==%num% (
echo Total !l! keys generated!
rm %xmlfile%
ren %tmpfile% %xmlfile%
) else (
echo Error: Key number not match, please check!
goto eof
)

:ii
echo -----------------------------------------------------------
echo Decrypt the pgp file successfully.
echo -----------------------------------------------------------
echo -----------------------------------------------------------
echo Encrypt the %xmlfile% with customer key
echo -----------------------------------------------------------
echo;

gpg -r widevine_keys -e %xmlfile%
rm %xmlfile%

:eof

在Mac OS上腳本需要略微修改key.sh如下：
#!/bin/bash

#file="./PS.txt"
file="/Users/jackywang/Documents/GPG/Harman/PS.txt"
if [[ -f "$file" ]];
then
#read it
while IFS= read line;
do
ps="$line"
done < "$file"
else
echo "password file not exist!!!"
exit
fi

inputfile=$1
echo $inputfile
#inputlen=$inputfile.length

echo -----------------------------------------------------------
echo Decrypt the pgp file from WideVine portal - $inputfile
echo -----------------------------------------------------------
echo;
extstr=${inputfile:0-28:28}

xmlfile=${inputfile/%$extstr/xml}
macfile=${inputfile/%$extstr/txt}
tmpfile=${inputfile/%$extstr/tmp}

echo TXTfile - $macfile XMLfile - $xmlfile

gpg --passphrase $ps --decrypt $inputfile > $xmlfile

echo -----------------------------------------------------------
echo Decrypt the pgp file successfully.
echo -----------------------------------------------------------
echo -----------------------------------------------------------
echo Encrypt the %xmlfile% with customer key
echo -----------------------------------------------------------
echo;

gpg -r widevine_keys -e $xmlfile
rm $xmlfile