Decrypting PGP/MIME on the command line

Daniel Kahn Gillmor dkg at fifthhorseman.net
Mon Mar 2 00:34:55 CET 2015


On Sun 2015-03-01 20:01:05 +0100, Werner Koch wrote:
> On Sun,  1 Mar 2015 15:32, rpuls at kcore.de said:
>
>> is there a command line utility that takes a PGP/MIME encrypted message
>> (a plain RFC 2822 text file) and outputs an unencrypted copy? The
>
> Not really.  MIME is a structured format and as such it may result in a
> bunch of encrypted, non-encrypted, signed, unsigned,
> message/alternative sub-documents.  Thus it is not easy to write a
> general purpose command line tool.

Python's email module is quite good for programmatically handling MIME
parts if you want to manipulate an e-mail (though it may not be so good
for reconstructing it in some sort of bytewise exact fashion).

> You may start with gpgparsemail which is not installed but built as
> part of gnupg in the tools directory.  It returns an annotated format
> which might be easier for further processing steps than plain MIME.
>
> If you only want to decrypt a standard MIME encrypted mail, it is easy.
> Simply pipe the entire mail through gpg and you will get the decrypted
> MIME container.

You should also note that any decryption like this is likely to remove
any OpenPGP signature as well, for those MUAs that do the
encryption+signing step all in one OpenPGP piece (I believe that the
gpgtools mail.app plugin places the OpenPGP signature inside a
multipart/signed MIME message, which is then itself encrypted, rather
than placing encryption and signatures all in the OpenPGP part
directly).

A tool that transforms an OpenPGP encrypted+signed MIME message into an
OpenPGP-signed MIME message while retaining the original signature would
be a really nice tool to have.

 --dkg
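
An added example, not part of the original message and not code from GnuPG: a sketch of the approach discussed above, using Python's email module to find the RFC 3156 parts, piping the OpenPGP data through gpg, and reporting whether the decrypted container is still multipart/signed. The function names and SAMPLE are constructed for illustration; it assumes gpg is on PATH and does not verify any signature.

```python
import email
import subprocess
import sys

def gpg_decrypt(ciphertext: bytes) -> bytes:
    """Pipe OpenPGP data through gpg; needs the secret key in the local keyring."""
    return subprocess.run(["gpg", "--decrypt"], input=ciphertext,
                          stdout=subprocess.PIPE, check=True).stdout

def decrypt_pgp_mime(raw: bytes, decrypt=gpg_decrypt):
    """Return (message, signature_kept); non-PGP/MIME mail comes back as parsed."""
    outer = email.message_from_bytes(raw)
    proto = str(outer.get_param("protocol", "")).lower()
    if outer.get_content_type() != "multipart/encrypted" or proto != "application/pgp-encrypted":
        return outer, False
    parts = outer.get_payload() if outer.is_multipart() else []
    # RFC 3156: exactly two parts, a control part and the OpenPGP data.
    if ([p.get_content_type() for p in parts]
            != ["application/pgp-encrypted", "application/octet-stream"]):
        raise ValueError("not a well-formed PGP/MIME encrypted message")
    inner = email.message_from_bytes(decrypt(parts[1].get_payload(decode=True)))
    # The decrypted container supplies the Content-* headers; the other
    # outer headers (From, To, Subject, Received, ...) are carried over.
    own = {name.lower() for name in inner.keys()}
    for name, value in outer.items():
        if name.lower() not in own and not name.lower().startswith("content-"):
            inner[name] = value
    # multipart/signed here: the signature was a MIME layer inside the encryption
    # and survives; one made inside the OpenPGP part is gone after gpg --decrypt.
    return inner, inner.get_content_type() == "multipart/signed"

# Constructed sample; the "ciphertext" is a placeholder, not real OpenPGP data.
SAMPLE = b"""\
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1
--b1
Content-Type: application/octet-stream

placeholder-ciphertext
--b1--
"""

if __name__ == "__main__":
    sys.stdout.buffer.write(decrypt_pgp_mime(sys.stdin.buffer.read())[0].as_bytes())
```

Run as a filter, it reads a mail on stdin and writes the decrypted copy to stdout; the output is a re-serialization and is not guaranteed to be bytewise identical to what the sender encrypted.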


