On 19 Dec 2023, at 13:53, Gilles LAMIRAL via Gnupg-devel <gnupg-devel@gnupg.org> wrote:
>
> >> The command "gpg --decrypt" takes a file or STDIN as input and decrypts,
> >> tries to, the part between
> >> -----BEGIN PGP MESSAGE-----
> >> ...
> >> -----END PGP MESSAGE-----
> >> and also throws away every thing else.
> >
> > That's exactly what --decrypt is supposed to do. Try running gpg without
> > --decrypt.
>
>
> I tried gpg without --decrypt and the behavior is the same, STDIN is thrown
> away
> but the "-----PGP MESSAGE-----" block deciphered.
>
> So, what is the option to get gpg reproducing STDIN to STDOUT?

Transparently decrypting inline messages opens you up to all sorts of smuggling attacks, where it is not clear from the output which parts of the message were encrypted or not. It is therefore not a good idea in general to implement this (see: efail).

However, if you have a specific use case that requires it, and you understand and accept the risk, you could try wrapping it in a loop like this (beware this is NOT TESTED):

    # Outer loop ends when the mailbox is exhausted.
    while IFS= read -r line; do
      if [[ $line != "-----BEGIN PGP MESSAGE-----" ]]; then
        # Text outside an armored block is copied through unchanged.
        printf '%s\n' "$line"
        continue
      fi
      echo "<<<<<BEGIN DECRYPTED MESSAGE>>>>>"
      {
        # Feed the armored block, including its END line, to gpg.
        while [[ $line != "-----END PGP MESSAGE-----" ]]; do
          printf '%s\n' "$line"
          IFS= read -r line || break   # stop at EOF on a truncated block
        done
        printf '%s\n' "$line"
        # GnuPG 2.1+ only honours --passphrase with --pinentry-mode loopback.
      } | gpg --decrypt --batch --no-tty --pinentry-mode loopback --passphrase="$P" 2>/dev/null
      echo "<<<<<END DECRYPTED MESSAGE>>>>>"
    done < mailbox.txt > decrypted-mailbox.txt

A
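
The labelling risk raised in the reply above, as an added example that is not part of the original message or of GnuPG: fixed marker lines can be typed into the unencrypted part of a mailbox, so this variant tags every output line with its provenance and only releases decrypted text when the decryptor exits successfully. The names `label_stream` and `DECRYPT_CMD` are hypothetical, introduced here so the function can be exercised without a keyring.

```sh
#!/bin/sh
# Added example, not code from the thread. DECRYPT_CMD is a hypothetical
# override; by default the block is handed to gpg and the agent supplies keys.

# label_stream: read a mailbox on stdin and write every line to stdout with a
# provenance tag: "plain|" (outside any armor), "decr|" (decryptor output) or
# "error|" (block that could not be decrypted). No untagged line is emitted,
# so passthrough text cannot pose as decrypted text.
label_stream() {
    decrypt=${DECRYPT_CMD:-gpg --decrypt --batch --no-tty}
    in_block=0 block=
    # The "|| [ -n ... ]" keeps a final line that lacks a trailing newline.
    while IFS= read -r line || [ -n "$line" ]; do
        if [ "$in_block" -eq 0 ]; then
            if [ "$line" = "-----BEGIN PGP MESSAGE-----" ]; then
                in_block=1 block=$line
            else
                printf 'plain|%s\n' "$line"
            fi
            continue
        fi
        # Inside an armored block: buffer it until the END line arrives.
        block="$block
$line"
        [ "$line" = "-----END PGP MESSAGE-----" ] || continue
        in_block=0
        # Decrypt into a variable first: the text is released only when the
        # decryptor exits 0, so a failed decryption is never tagged "decr|".
        if out=$(printf '%s\n' "$block" | $decrypt 2>/dev/null); then
            printf '%s\n' "$out" | sed 's/^/decr|/'
        else
            printf 'error|block failed to decrypt\n'
        fi
    done
    # An armor header with no END line is reported, not guessed at.
    [ "$in_block" -eq 0 ] || printf 'error|unterminated PGP MESSAGE block\n'
}

# Usage: label_stream < mailbox.txt > labelled-mailbox.txt
```

A consumer of the output should treat only `decr|` lines as having been encrypted; a `plain|decr|...` line is passthrough text that tried to imitate the tag.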