Decrypting multiple encrypted blocks on one stream using GPG

Fiedler Roman Roman.Fiedler at ait.ac.at
Thu Jul 7 11:32:30 CEST 2016


Hello List,

I'm trying to use gnupg to solve a use case similar to the one depicted in
[1], but the workaround from [1] is not suitable, because:

* Each file I have is larger than the machine holding the keys
* The keys cannot be moved
* The streams will take hours/days to decrypt so no interruption is
possible.

I would use the following scheme to solve it:

* Have a wrapper passing stdin (fd=0) unmodified to a newly forked gnupg
instance
* Read passwords from tty, not stdin

If I understand correctly, gnupg will not overread on stdin, so no packet
headers will be consumed by the previous gnupg process on error after
finishing the payload packet.

A problem that remains: I have to make gnupg ask for each key password
indefinitely long. As gnupg needs to read the header to find the correct
private key, termination after the 3rd password would break the stream. Is
there any way to make gpg repeat the password question over and over?

Not yet applicable, but perhaps for next level: Same for keyring with
multiple keys, but where encrypted content was created with
"--throw-key-ids".

Roman

[1] http://superuser.com/questions/621315/gpg-decrypting-multiple-files-in-one-stream

DI Roman Fiedler
Scientist
Digital Safety & Security Department
Assistive Healthcare Information Technology

AIT Austrian Institute of Technology GmbH
Reininghausstraße 13/1 | 8020 Graz | Austria
T +43(0) 50550 2957 | M +43(0) 664 8561599 | F +43(0) 50550 2950
roman.fiedler at ait.ac.at | http://www.ait.ac.at/

FN: 115980 i HG Wien  |  UID: ATU14703506
http://www.ait.ac.at/Email-Disclaimer
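
Added example, not part of the original message and not GnuPG code: a sketch of a wrapper that finds the message boundaries itself by walking the OpenPGP packet headers (RFC 4880, section 4.2), so each forked gpg receives exactly one message through a pipe regardless of how much it reads. It assumes binary (non-armored) input and that each message ends with its encrypted data packet (tag 9 or 18); all function names are hypothetical.

```python
ENC_TAGS = {9, 18}  # encrypted data packets (SED, SEIPD) close a message

def _take(src, dst, n):
    buf = src.read(n)
    if len(buf) != n:
        raise EOFError("stream ended inside a packet")
    dst.write(buf)
    return buf

def _copy(src, dst, n, chunk=1 << 16):
    while n > 0:  # bounded memory, whatever the packet size
        n -= len(_take(src, dst, min(n, chunk)))

def copy_packet(src, dst):  # returns the packet tag, or None at clean EOF
    first = src.read(1)
    if not first:
        return None
    ctb = first[0]
    if not ctb & 0x80:
        raise ValueError("not a binary OpenPGP packet (armored input?)")
    dst.write(first)
    if not ctb & 0x40:  # old format: 1, 2 or 4 length octets
        if ctb & 3 == 3:
            raise ValueError("indeterminate length, boundary unknown")
        _copy(src, dst, int.from_bytes(_take(src, dst, 1 << (ctb & 3)), "big"))
        return (ctb >> 2) & 0x0F
    while True:  # new format: partial chunks until a final length
        o = _take(src, dst, 1)[0]
        if o < 192:
            n = o
        elif o < 224:
            n = ((o - 192) << 8) + _take(src, dst, 1)[0] + 192
        elif o < 255:
            n = 1 << (o & 0x1F)  # partial body chunk, another length follows
        else:
            n = int.from_bytes(_take(src, dst, 4), "big")
        _copy(src, dst, n)
        if not 224 <= o < 255:
            return ctb & 0x3F

def copy_one_message(src, dst):  # True after one message, False at clean EOF
    seen = False
    while (tag := copy_packet(src, dst)) is not None:
        if tag in ENC_TAGS:
            return True
        seen = True
    if seen:
        raise EOFError("stream ended before the encrypted data packet")
    return False
```

A wrapper would call copy_one_message(sys.stdin.buffer, child.stdin) in a loop, starting one `gpg --decrypt` child per message and closing the child's stdin after each call returns True.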


More information about the Gnupg-users mailing list