Decrypting PGP/MIME on the command line
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Mon Mar 2 00:34:55 CET 2015
On Sun 2015-03-01 20:01:05 +0100, Werner Koch wrote:
> On Sun, 1 Mar 2015 15:32, rpuls at kcore.de said:
>> is there a command line utility that takes a PGP/MIME encrypted message
>> (a plain RFC 2822 text file) and outputs an unencrypted copy? The
> Not really. MIME is a structured format and as such it may result in a
> bunch of encrypted, non-nencrypted, signed, unsigned,
> message/alternative sub-documents. Thus it is not easy to write a
> general purpose command line tool.
python's email module is quite good for programmatically handling mime
parts if you want to manipulate an e-mail (though it may not be so good
for reconstructing it in some sort of bytewise exact fashion).
> You may start with gpgparsemail which is not installed bald build as
> part of gnupg in the tools directory. It returns an annotated format
> which might be easier for further processing steps than plain MIME.
> If you only want to decrypt a standard MIME encrypted mail, it is easy.
> Simply pipe the entire mail through gpg and you will get the decrypted
> MIME container.
You should also note that any decryption like this is likely to remove
any OpenPGP signature as well, for those MUAs that do the
encryption+signing step all in one OpenPGP piece (i believe that the
gpgtools mail.app plugin places the OpenPGP signature inside a
multipart/signed MIME message, which is then itself encrypted, rather
than placing encryption and signatures all in the OpenPGP part
A tool that transforms an OpenPGP encrypted+signed MIME message into an
OpenPGP-signed MIME message while retaining the original signature would
be a really nice tool to have.
More information about the Gnupg-users