Re: How can I have gpg pause to receive its passphrase, before it starts outputing decrypt to stdout?
On Mon, Mar 18, 2024 at 9:58 AM Werner Koch via Gnupg-users wrote: > > On Sat, 16 Mar 2024 21:26, B.S. said: > > ... (Windows 10) [DOS] cmd ... [*NOT* powershell] > > ... cygwin gpg ... > > [Do not use a Cygwin build of gpg - this is not supported. Use a > standard build for WIndows.] Thanks kindly. Found https://dev.gnupg.org/T4059 {Jul 8 2018} from Werner, to explain the point: > Note that Cygwin is not a supported platform. Seems that the exec functions > don't work on this 64 bit variant. and > ... it seems that GnuPG can be used on 32 bit Cygwin Very Good to know. And ... 32-bit cygwin is no longer maintained / supported, as of version 3.3.6, around 11/11/2022, per https://cygwin.com/pipermail/cygwin-announce/2022-November/010810.html ___ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: How can I have gpg pause to receive its passphrase, before it starts outputing decrypt to stdout?
On 2024-03-19 00:01, Bee via Gnupg-users wrote: However if you known the passphrase, you can pass it to gpg directly using --passphrase-file and --pinentry-mode=loopback. I figured, but am trying to avoid having the passphrase land on disk at all. Due to the way a pipe works there is not much you can do here. Except (I would hope?) if gpg were to make sure nothing is written to stdout until after passphrase was completely acquired, before decrypting and writing the decrypt to sdtout, I don't expect less will have cleared the screen to that point. [Less waits to clear screen, etc., until after it receives something / anything at stdin. (?)] You are using a Cygwin version of the standard shell here? No, standard DOS prompt (Win 10). Just that cygwin is along the path. (It's win jq, in this case, however.) [cygwin less.exe being quieter and more functional than dos' more.exe.] make sure that jq.exe gets its EPIPE from the failed gpg.exe. (1) EPIPE? As in '2|' - that's a thing (in 'Win 10' dos)? EPIPE is the C/POSIX error code a program receives when the pipe it reads from ends. In this case the ordinary stdout pipe. However the Microsoft CMD.EXE supports a surprisingly large subset of Unixshell options, but sometimes with slightly different syntax. Some but not all ofthis is documented in the builtin help output such as cmd /? and set /? etc. However in this case the problem is that the shell, whichever you use, will start the redirection to jq immediately, because the shell knows nothing about gpg.exe or what part of its user interface to treat specially. Using a "pinentry-program" helper that prompts via the Win32/X11 GUI is the official solution for such cases. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded ___ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: How can I have gpg pause to receive its passphrase, before it starts outputing decrypt to stdout?
Bee via Gnupg-users wrote: However if you known the passphrase, you can pass it to gpg directly using --passphrase-file and --pinentry-mode=loopback. I figured, but am trying to avoid having the passphrase land on disk at all. Could you set up a RAM disk for this? (I think Windows still has those, but it has been a few years since I have used Windows any significant amount.) -- Jacob ___ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: How can I have gpg pause to receive its passphrase, before it starts outputing decrypt to stdout?
> However if you known the passphrase, you can pass it to gpg directly using > --passphrase-file and --pinentry-mode=loopback. I figured, but am trying to avoid having the passphrase land on disk at all. > Due to the way a pipe works there is not much you can do here. Except (I would hope?) if gpg were to make sure nothing is written to stdout until after passphrase was completely acquired, before decrypting and writing the decrypt to sdtout, I don't expect less will have cleared the screen to that point. [Less waits to clear screen, etc., until after it receives something / anything at stdin. (?)] > You are using a Cygwin version of the standard shell here? No, standard DOS prompt (Win 10). Just that cygwin is along the path. (It's win jq, in this case, however.) [cygwin less.exe being quieter and more functional than dos' more.exe.] > make sure that jq.exe gets its EPIPE from the failed gpg.exe. (1) EPIPE? As in '2|' - that's a thing (in 'Win 10' dos)? (2) gpg has not failed here. I guess the issue is also gpg displaying prompt, also confusing less. I will have to try 'gpg.exe -d somefile.gpg < con: 2> nul: | jq.exe | less', or something like. Curious that '( gpg.exe -d somefile.gpg | jq.exe ) | less' displays sufficiently well - I'm guessing I'm just getting lucky with (sub-shell?) delays, giving things time to display. On Mon, Mar 18, 2024 at 9:55 AM Werner Koch wrote: > > On Sat, 16 Mar 2024 21:26, B.S. said: > > ... (Windows 10) [DOS] cmd ... [*NOT* powershell] > > ... cygwin gpg ... > > [Do not use a Cygwin build of gpg - this is not supported. Use a > standard build for WIndows.] > > > How can I have gpg pause to receive its passphrase, before it starts > > outputing decrypt to stdout? > > Due to the way a pipe works there is not much you can do here. Except > for having some kind buffering tool in between. Howeverm if you known > the passphrase, you can pass it to gpg directly using --passphrase-file > and --pinentry-mode=loopback. > > > So if gpg could finish getting its passphrase from 'readline' before > > opening stdout (that less then sees to clear the screen and open its > > The pipeline is constructed by the shell (cmd.exe) and file descriptors > are given to the programs. There is nothing any of the programs can do > here. In fact when using a pipeline in this way, the next program in > the line should be able to handle the output of the former which means > it will expect valid output. > > > So far: > > ( gpg.exe -d somefile.gpg | jq.exe ) | less > > You are using a Cygwin version of the standard shell here? In this case > make sure that jq.exe gets its EPIPE from the failed gpg.exe. > > You may consider to use gpgme-json as a higher level API to gpg. But of > course it does not work the usual way in a pipe. ___ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: How can I have gpg pause to receive its passphrase, before it starts outputing decrypt to stdout?
> However if you known the passphrase, you can pass it to gpg directly using > --passphrase-file and --pinentry-mode=loopback. I figured, but am trying to avoid having the passphrase land on disk at all. > Due to the way a pipe works there is not much you can do here. Except (I would hope?) if gpg were to make sure nothing is written to stdout until after passphrase was completely acquired, before decrypting and writing the decrypt to sdtout, I don't expect less will have cleared the screen to that point. [Less waits to clear screen, etc., until after it receives something / anything at stdin, IIRC.] > You are using a Cygwin version of the standard shell here? No, standard DOS prompt (Win 10). Just that cygwin is along the path. (It's win jq, in this case, however.) [cygwin less.exe being quieter and more functional than dos' more.exe.] > make sure that jq.exe gets its EPIPE from the failed gpg.exe. (1) EPIPE? As in '2|' - that's a thing (in 'Win 10' dos)? (2) gpg has not failed here. I guess the issue is also gpg displaying prompt, also confusing less. I will have to try 'gpg.exe -d somefile.gpg < con: 2> nul: | jq.exe | less', or something like. Curious that '( gpg.exe -d somefile.gpg | jq.exe ) | less' displays sufficiently well - I'm guessing I'm just getting lucky with (sub-shell?) delays, giving things time to display. On Mon, Mar 18, 2024 at 9:58 AM Werner Koch via Gnupg-users wrote: > > On Sat, 16 Mar 2024 21:26, B.S. said: > > ... (Windows 10) [DOS] cmd ... [*NOT* powershell] > > ... cygwin gpg ... > > [Do not use a Cygwin build of gpg - this is not supported. Use a > standard build for WIndows.] > > > How can I have gpg pause to receive its passphrase, before it starts > > outputing decrypt to stdout? > > Due to the way a pipe works there is not much you can do here. Except > for having some kind buffering tool in between. Howeverm if you known > the passphrase, you can pass it to gpg directly using --passphrase-file > and --pinentry-mode=loopback. > > > So if gpg could finish getting its passphrase from 'readline' before > > opening stdout (that less then sees to clear the screen and open its > > The pipeline is constructed by the shell (cmd.exe) and file descriptors > are given to the programs. There is nothing any of the programs can do > here. In fact when using a pipeline in this way, the next program in > the line should be able to handle the output of the former which means > it will expect valid output. > > > So far: > > ( gpg.exe -d somefile.gpg | jq.exe ) | less > > You are using a Cygwin version of the standard shell here? In this case > make sure that jq.exe gets its EPIPE from the failed gpg.exe. > > You may consider to use gpgme-json as a higher level API to gpg. But of > course it does not work the usual way in a pipe. ___ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: How can I have gpg pause to receive its passphrase, before it starts outputing decrypt to stdout?
On Sat, 16 Mar 2024 21:26, B.S. said: > ... (Windows 10) [DOS] cmd ... [*NOT* powershell] > ... cygwin gpg ... [Do not use a Cygwin build of gpg - this is not supported. Use a standard build for WIndows.] > How can I have gpg pause to receive its passphrase, before it starts > outputing decrypt to stdout? Due to the way a pipe works there is not much you can do here. Except for having some kind buffering tool in between. Howeverm if you known the passphrase, you can pass it to gpg directly using --passphrase-file and --pinentry-mode=loopback. > So if gpg could finish getting its passphrase from 'readline' before > opening stdout (that less then sees to clear the screen and open its The pipeline is constructed by the shell (cmd.exe) and file descriptors are given to the programs. There is nothing any of the programs can do here. In fact when using a pipeline in this way, the next program in the line should be able to handle the output of the former which means it will expect valid output. > So far: > ( gpg.exe -d somefile.gpg | jq.exe ) | less You are using a Cygwin version of the standard shell here? In this case make sure that jq.exe gets its EPIPE from the failed gpg.exe. You may consider to use gpgme-json as a higher level API to gpg. But of course it does not work the usual way in a pipe. Salam-Shalom, Werner -- The pioneers of a warless world are the youth that refuse military service. - A. Einstein openpgp-digital-signature.asc Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
How can I have gpg pause to receive its passphrase, before it starts outputing decrypt to stdout?
... (Windows 10) [DOS] cmd ... [*NOT* powershell] ... cygwin gpg ... How can I have gpg pause to receive its passphrase, before it starts outputing decrypt to stdout? e.g. gpg -c < secretdata.json.pgp | jq | less - less is happening before gpg has 'readlined' the passphrase, and things get ... all confused. [I don't mind not seeing things (such as the password request) on stdout, but herein it seems both less and gpg are trying to consume stdin.] So if gpg could finish getting its passphrase from 'readline' before opening stdout (that less then sees to clear the screen and open its window, and start showing its incoming data), things would be ... unconfused. So far: ( gpg.exe -d somefile.gpg | jq.exe ) | less seems to do it (give gpg time to acquire the passphrase), but the '()'s involved certainly weren't intuitive. It there a way for 'gpg -d file.gpg' to finish acquiring the passphrase (via 'readline') before it starts writing to stdout (triggering less' screen clearing and stdout watching)? I have come across '--batch' which seems no help, as it cuts off stdin, preventing gpg -d from 'readlining' a passphrase. (There seems a corresponding '--pinentry-mode loopback' to '--batch', but that doesn't seem in play yet, to that point in the sequence.) ___ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users