Extraction of decryption session key without copying complete encrypted file

Fiedler Roman Roman.Fiedler at ait.ac.at
Mon Aug 28 14:00:02 CEST 2017

> Von: Werner Koch [mailto:wk at gnupg.org]
> On Mon, 28 Aug 2017 12:00, peter at digitalbrains.com said:
> > The gpg process communicates its TTY to the agent so the pinentry
> knows
> > where to pop up. This is a feature, not a bug. But when you
> deliberately
> > want to pop it up elsewhere...
> If you don't want that feature the --keep-tty and --keep-display options
> for gpg-agent may be useful:
>    Ignore requests to change the current tty or X window system's
>    DISPLAY variable respectively.  This is useful to lock the pinentry
>    to pop up at the tty or display you started the agent.
> That feature was once implemented for a user who liked to keep the
> pinentry popping up in fixed screen(1) session.

Thanks for the hint.

Just for reference: with all the suggestions from you and Peter, I have 
created following script which performs all steps as expected:

tmpDir="$(mktemp -d)"
screen -S GpgAgent -d -m -- gpg-agent --homedir 
"${GpgHomeDir}" --daemon --log-file 
"${tmpDir}/agent.log" --allow-loopback-pinentry --pinentry-program 
/usr/bin/pinentry --debug-pinentry --keep-tty --debug-all --daemon --no-detach 
/bin/sleep 100000
sleep 1
GpgHomeDir="${GpgHomeDir}" tmpDir="${tmpDir}" screen -S Decryptor -d -m --  
/bin/bash -c 'cat decryptlist.txt | (
  cd "${tmpDir}"
  gpgAgentPid="$(grep -E -e "^[0-9-]{10} [0-9:]{8} gpg-agent\\[[0-9]+\\] 
gpg-agent .* started\$" -- "${tmpDir}/agent.log" | tail -n 1 | sed -r -e 
"s/^.* gpg-agent\\[([0-9]+)\\] .*/\\1/")"
  while read -r fileName gpgPreamble; do
    echo "Extracting key from ${fileName}"
    echo "${gpgPreamble}" | base64 -d | gpgsplit
    (cat 000001-001.pk_enc; echo "0gsBAAAAAAAAAAAAAA==" | base64 -d) | 
gpg --use-agent --homedir "${GpgHomeDir}" --show-session-key
  done) 2>&1 | tee decryptlist.log'
screen -R GpgAgent
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4814 bytes
Desc: not available
URL: </pipermail/attachments/20170828/40cc23ad/attachment.bin>

More information about the Gnupg-users mailing list