Key management for archives

Werner Koch wk at
Fri Jun 9 08:24:28 CEST 2017

On Tue,  6 Jun 2017 14:39, ndk.clanbo at said:
> Is it possible to "extract" the used session key, so that the requester
> just ignores the asymmetric crypto and just uses the symmetric key to
> decode the file? Drawbacks? Other ideas?

Here is how I would do that:

 ( gpg --status-fd 1 --show-session-key --max-output 1 \
      -o /dev/null 2>/dev/null FILE || true ) \
   | awk '$1=="[GNUPG:]" && $2=="SESSION_KEY" {print $3}'

Note that gpg exists with a failure (due to the "exceeded --max-output
limit" error message) and for extra cleanness I shortcut that error.

The output can then be used with --override-session-key



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: </pipermail/attachments/20170609/1177818a/attachment.sig>

More information about the Gnupg-users mailing list