decrypt aes256 encrypted file without gpg-agent

Werner Koch wk at gnupg.org
Mon Jun 29 11:49:13 CEST 2020


On Sun, 28 Jun 2020 16:24, Robert J. Hansen said:

> GnuPG sees the symmetrically encrypted message and knows it needs to
> recover/derive a key.  It calls gpg-agent, which in turn calls pinentry.

In addition gpg-agent also takes care of caching passphrases which makes
even symmetric encryption more convenient.  It is also used to
figure out a suitable number of hash iterations to make new symmetric
passphrase encryption stronger - this can't be done by a plain command
line tool.

In theory it is possible to pass a set of options to avoid the use of
gpg-agent for plain symmetric encryption but as soon as any pubkey key
is used as an alternative to the symmetric encryption the agent is
required to check whether a private key exists.  From engineering and
security POVs it does not make sense to special case very rare use
cases.


Salam-Shalom,

   Werner


-- 
Thoughts are free.  Exceptions are regulated by a federal law.
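
The "number of hash iterations" mentioned in the message is the one-octet count of OpenPGP's iterated and salted string-to-key (S2K) specifier (RFC 4880, section 3.7.1.3). The following Python sketch is an added example, not part of the original post and not GnuPG's code: it derives a key that way and picks a count by timing a probe run. All function names and the `target_ms` parameter are assumptions of this example, and `calibrate` is a simplified stand-in for what the agent does.

```python
import hashlib
import time

EXPBIAS = 6  # RFC 4880, section 3.7.1.3


def decode_count(coded: int) -> int:
    """Expand the one-octet coded count into the number of octets hashed."""
    return (16 + (coded & 15)) << ((coded >> 4) + EXPBIAS)


def encode_count(octets: int) -> int:
    """Smallest coded value whose decoded count is at least `octets`."""
    for coded in range(256):  # decode_count is monotonic in `coded`
        if decode_count(coded) >= octets:
            return coded
    return 255


def s2k_iterated_salted(passphrase: bytes, salt: bytes, coded: int,
                        key_len: int, hash_name: str = "sha256") -> bytes:
    """Iterated and salted S2K (type 3): hash salt+passphrase repeatedly."""
    if len(salt) != 8:
        raise ValueError("S2K salt must be 8 octets")
    data = salt + passphrase
    # salt+passphrase is always hashed at least once in full
    count = max(decode_count(coded), len(data))
    full, rest = divmod(count, len(data))
    key = b""
    context = 0
    while len(key) < key_len:
        h = hashlib.new(hash_name)
        h.update(b"\x00" * context)  # context n is preloaded with n zero octets
        for _ in range(full):
            h.update(data)
        h.update(data[:rest])
        key += h.digest()
        context += 1
    return key[:key_len]


def calibrate(target_ms: float = 100.0, hash_name: str = "sha256") -> int:
    """Pick a coded count that costs roughly target_ms on this machine."""
    probe = 96  # constructed probe value: 65536 octets
    start = time.perf_counter()
    s2k_iterated_salted(b"calibration", b"\x00" * 8, probe, 32, hash_name)
    elapsed_ms = max((time.perf_counter() - start) * 1000.0, 1e-6)
    return encode_count(int(decode_count(probe) * target_ms / elapsed_ms))
```

The coded count is stored in the message's S2K specifier, so decryption only reads it; a machine-dependent choice matters only when new passphrase-protected data is created.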