Option in gpg to copy STDIN to STDOUT instead of nowhere.
Werner Koch
wk at gnupg.org
Wed Dec 20 14:49:22 CET 2023
On Tue, 19 Dec 2023 14:42, Andrew Gallagher said:
> Transparently decrypting inline messages opens you up to all sorts of
> smuggling attacks, where it is not clear from the output which parts
Right.
> while true; do
> IFS= read -r line
> while [[ $line != "-----BEGIN PGP MESSAGE-----" ]]; do
> echo "$line"
> IFS= read -r line
> done
> echo "<<<<<BEGIN DECRYPTED MESSAGE>>>>>"
FWIW, here we get into the first trouble. Inserting a plaintext
followed by some pages of white space or several FF after the BEGIN
header followed by another BEGIN header allows one to push something else
underneath a signed (and encrypted) message.
That is also why PGP/MIME is a better way to send mails than inline PGP.
Shalom-Salam,
Werner
--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein
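
The check below is an added example, not part of the original thread or of GnuPG: a POSIX-shell lint that a pass-through filter like the quoted loop could run first, flagging the padding Werner describes (form feeds, long blank runs, a second BEGIN header). The function name, the MAX_BLANK threshold and the sample message are constructed assumptions.

```shell
# Added example: lint an inline-PGP mail body before a pass-through filter runs.
# check_inline_pgp, MAX_BLANK and the sample are assumptions, not gpg features.
MAX_BLANK=5   # assumed threshold: longer blank runs are treated as padding

# Reads a message on stdin, prints one finding per line, returns 1 if any.
check_inline_pgp() (
  ff=$(printf '\f'); cr=$(printf '\r')
  inside=0; blocks=0; blank=0; n=0; findings=0
  report() { echo "$1"; findings=$((findings + 1)); }
  while IFS= read -r line || [ -n "$line" ]; do
    n=$((n + 1))
    line=${line%"$cr"}                       # tolerate CRLF mail bodies
    case $line in
      *"$ff"*) report "line $n: form feed character" ;;
    esac
    if [ -z "$(printf '%s' "$line" | tr -d ' \t\f')" ]; then
      blank=$((blank + 1))
      if [ "$blank" -eq $((MAX_BLANK + 1)) ]; then
        report "line $n: more than $MAX_BLANK consecutive blank lines"
      fi
      continue
    fi
    blank=0
    case $line in
      "-----BEGIN PGP MESSAGE-----")
        if [ "$inside" -eq 1 ]; then
          report "line $n: BEGIN header inside an open armor block"
        fi
        inside=1; blocks=$((blocks + 1)) ;;
      "-----END PGP MESSAGE-----")
        if [ "$inside" -eq 0 ]; then report "line $n: END header without BEGIN"; fi
        inside=0 ;;
    esac
  done
  if [ "$inside" -eq 1 ]; then report "unterminated armor block"; fi
  if [ "$blocks" -gt 1 ]; then report "$blocks BEGIN headers in one message"; fi
  [ "$findings" -eq 0 ]
)

# Constructed sample: text and form-feed padding between two BEGIN headers.
sample_padded() {
  printf '%s\n' '-----BEGIN PGP MESSAGE-----' 'unsigned text'
  printf '\f\n\f\n'
  printf '%s\n' '-----BEGIN PGP MESSAGE-----' '' \
    '(constructed armor body)' '-----END PGP MESSAGE-----'
}
```

A message that fails the lint is better rejected or shown undecrypted than passed through the filter with markers added.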