encryption/decryption without files

Ciprian Dorin Craciun ciprian.craciun at gmail.com
Thu Sep 20 10:50:57 CEST 2012


On Thu, Sep 13, 2012 at 7:16 PM, David Smith <Dave.Smith at st.com> wrote:
> OK, so here's a list of issues:
>
> 3. If you're thinking of piping the output of an existing, unsecured
> editor into gpg, then that's not going to work, as the "stdout" will
> contain what it wants to print on the screen and the reactions to all
> your keypresses, not the actual message.


    Not necessarily, because a text editor could do the following...

    Context:
    * it's clear that most editors use `ncurses` (or similar) to
interact with the console;
    * and it seems that `ncurses` does use stdin and stdout;

    But:
    * when starting, a text editor could check if stdin or stdout are
pipes and not TTYs;
    * at the same time it should check that stderr is a TTY; (this is
mandatory for the following to work);
    * if so it could `dup` the stdin and stdout descriptors to obtain
a "copy" of the pipes;
    * and it should `dup2(2,0); dup2(2,1)` to replace the stdin and
stdout with a "copy" of the TTY; thus `ncurses` would be very happy;
    * use the "copy" pipes to take the text, edit it, and write the text out.

    Thus someone could write something similar to:
~~~~
gpg2 -a -d <file-v1.asc | smart-editor | gpg2 -a -e -s >file-v2.asc
~~~~

    Of course (to my knowledge) none of the "mainstream" editors seem
to do this.

    You could also try to "fool" some editors by something like (not
tested) (but be careful to save the file as `/dev/fd/5`):
~~~~
gpg2 -a -d ... \
| dump-editor /dev/fd/4 \
     4<&0 0</dev/tty 5>&1 1>/dev/tty \
| gpg -a -e -s
~~~~

    Ciprian.

    P.S.: For some years I've been using my own "homegrown" text editor
that does exactly what I've described in the first section.
      https://github.com/cipriancraciun/simple-console-editor
    !!! BUT !!! It's written in Python (thus swap is your disclosure
enemy), and if it crashes it writes a copy of the text to `/tmp`.

    P.P.S.: I've thought for some time to implement something similar in Go...
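
The descriptor rewiring described in the message above, sketched in C as an added example; it is not part of the original post and not code from simple-console-editor. The names `text_fds`, `should_rewire`, `dup_private` and `rewire` are hypothetical, marking the saved copies close-on-exec goes beyond what the post describes, and the pass-through loop in `main` stands in for the actual editing step.

```c
#include <fcntl.h>
#include <unistd.h>

/* Hypothetical names. Descriptors are parameters so the logic is testable. */
struct text_fds { int in; int out; };

/* Precondition from the post: text is piped and the fallback fd is a TTY. */
int should_rewire(int in_fd, int out_fd, int tty_fd)
{
    return isatty(tty_fd) && (!isatty(in_fd) || !isatty(out_fd));
}

/* dup() plus close-on-exec: spawned children do not inherit the plaintext. */
static int dup_private(int fd)
{
    int copy = dup(fd);
    if (copy >= 0 && fcntl(copy, F_SETFD, FD_CLOEXEC) < 0) {
        close(copy);
        copy = -1;
    }
    return copy;
}

/* Save copies of in_fd/out_fd, then point both at tty_fd. 0 or -1. */
int rewire(int in_fd, int out_fd, int tty_fd, struct text_fds *saved)
{
    saved->in = dup_private(in_fd);
    saved->out = dup_private(out_fd);
    if (saved->in >= 0 && saved->out >= 0 &&
        dup2(tty_fd, in_fd) >= 0 && dup2(tty_fd, out_fd) >= 0)
        return 0;
    if (saved->in >= 0) close(saved->in);
    if (saved->out >= 0) close(saved->out);
    return -1;
}

int main(void)
{
    struct text_fds text;
    char buf[4096]; ssize_t n;
    if (!should_rewire(0, 1, 2) || rewire(0, 1, 2, &text) < 0)
        return 1;
    /* fds 0 and 1 are now the terminal; pass-through stands in for editing. */
    while ((n = read(text.in, buf, sizeof buf)) > 0)
        if (write(text.out, buf, (size_t)n) != n)
            return 1;
    return n < 0;
}
```

Built as `smart-editor`, this takes the place of that command in the first pipeline of the message; it exits with status 1 when stderr is not a terminal, the condition the post calls mandatory.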


