On 19 Dec 2023, at 13:53, Gilles LAMIRAL via Gnupg-devel 
<gnupg-devel@gnupg.org> wrote:
> 
> >> The command "gpg --decrypt" takes a file or STDIN as input and decrypts,
> >> tries to, the part between
> >> -----BEGIN PGP MESSAGE-----
> >> ...
> >> -----END PGP MESSAGE-----
> >> and also throws away everything else.
> >
> > That's exactly what --decrypt is supposed to do. Try running gpg without
> > --decrypt.
> 
> 
> I tried gpg without --decrypt and the behavior is the same, STDIN is thrown away
> but the "-----PGP MESSAGE-----" block is deciphered.
> 
> So, what is the option to get gpg reproducing STDIN to STDOUT?

Transparently decrypting inline messages opens you up to all sorts of smuggling 
attacks, where it is not clear from the output which parts of the message were 
encrypted or not. It is therefore not a good idea in general to implement this 
(see: efail).

However, if you have a specific use case that requires it, and you understand 
and accept the risk, you could try wrapping it in a loop like this (beware this 
is NOT TESTED):

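# Requires bash (uses [[ ]]). $P holds the passphrase.
while IFS= read -r line; do
        if [[ $line != "-----BEGIN PGP MESSAGE-----" ]]; then
                # Outside an armored block: copy the line through unchanged.
                printf '%s\n' "$line"
                continue
        fi
        echo "<<<<<BEGIN DECRYPTED MESSAGE>>>>>"
        {
        # Feed the armored block, BEGIN line through END line, to gpg.
        printf '%s\n' "$line"
        while IFS= read -r line; do
                printf '%s\n' "$line"
                [[ $line == "-----END PGP MESSAGE-----" ]] && break
        done
        # GnuPG 2.1+ honours --passphrase only with --pinentry-mode loopback.
        } | gpg --decrypt --batch --no-tty --pinentry-mode loopback --passphrase="$P" 2>/dev/null
        echo "<<<<<END DECRYPTED MESSAGE>>>>>"
done < mailbox.txt > decrypted-mailbox.txt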

A
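
A variant of the loop in the message above, added here as an example and not part of the original message or of GnuPG: it escapes lines in the cleartext or the decrypted text that already look like a region marker, and keeps (labelled) any block that is unterminated or fails to decrypt. The function names, the UNDECRYPTED marker text and the reliance on gpg-agent for the passphrase are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the poster's code. decrypt_block is a hypothetical hook:
# it reads one armored block on stdin and writes the plaintext to stdout.
# Assumption: gpg-agent supplies the passphrase, so none is on the command line.
decrypt_block() { gpg --decrypt --batch --no-tty 2>/dev/null; }

# Prefix with a backslash any line that already starts like a region marker,
# so neither the cleartext nor the decrypted text can imitate a boundary.
escape_markers() { sed 's/^<<<<</\\&/'; }

# Usage: annotate_mailbox < mailbox.txt > decrypted-mailbox.txt
# Returns 1 if any block was unterminated or failed to decrypt.
annotate_mailbox() {
    tmp=$(mktemp) || return 1
    status=0
    while IFS= read -r line || [ -n "$line" ]; do
        if [ "$line" != "-----BEGIN PGP MESSAGE-----" ]; then
            printf '%s\n' "$line" | escape_markers
            continue
        fi
        # Collect the armored block and note whether its END line was seen.
        printf '%s\n' "$line" > "$tmp"
        closed=no
        while IFS= read -r line; do
            printf '%s\n' "$line" >> "$tmp"
            if [ "$line" = "-----END PGP MESSAGE-----" ]; then
                closed=yes
                break
            fi
        done
        if [ "$closed" = yes ] && plain=$(decrypt_block < "$tmp"); then
            echo "<<<<<BEGIN DECRYPTED MESSAGE>>>>>"
            printf '%s\n' "$plain" | escape_markers
            echo "<<<<<END DECRYPTED MESSAGE>>>>>"
        else
            # Keep the ciphertext, clearly labelled, instead of dropping it.
            echo "<<<<<BEGIN UNDECRYPTED BLOCK>>>>>"
            escape_markers < "$tmp"
            echo "<<<<<END UNDECRYPTED BLOCK>>>>>"
            status=1
        fi
    done
    rm -f "$tmp"
    return "$status"
}
```

A consumer of the output can treat a line as a boundary only if it starts with `<<<<<` exactly; any escaped copy starts with a backslash.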
