Extraction of decryption session key without copying complete encrypted file

Fiedler Roman Roman.Fiedler at ait.ac.at
Fri Aug 25 16:08:33 CEST 2017


Addendum: agent-use

> From: Werner Koch [mailto:wk at gnupg.org]
>
> On Fri,  4 Aug 2017 14:36, Roman.Fiedler at ait.ac.at said:
> > Ah, that's great - and actually the first nice gpg-agent feature apart from
> > gpg-agent being a little annoying when running it on RAM-disks in early boot.
>
> (And the ssh-agent support, which is one of the most useful features I
>  have on my box for 10 years or so.)

I tried to use the agent support that way. One reason for low adoption might 
be that, using the provided documentation, it is just not possible to get a 
simple batch scenario working on Ubuntu 16.04 server setups without spending a 
whole day and debugging into the sources. No matter what combination of 
gpg/gpg2 binaries and agents you use, batch decryption fails at one point or 
another when using the agent, e.g.

2017-08-25 13:03:52 gpg-agent[24047] DBG: error calling pinentry: No such device or address <Pinentry>

or

gpg: DBG: chan_6 <- ERR 83918950 Inappropriate ioctl for device <Pinentry>

or related to incompatibilities between source server gpg version and target 
server when attempting remote configurations. I guess the agent works fine on 
Microsoft and perhaps also desktop systems, but it just cannot be automated in 
pure command-line-only setups.

If someone knows a script (or two to be executed in separate terminals, would 
also be OK) working on Ubuntu 16.05 with gpg 1.4.20 or 2.1.11 that just

a) launches the agent
b) batch decrypts a list of files
c) asks for a passphrase if a new secret key is required
d) after completion, terminates all processes required during a-c and performs cleanup

that would be very helpful.

LG R