How can I have gpg pause to receive its passphrase, before it starts outputting decrypt to stdout?

omcujl92 at duck.com omcujl92 at duck.com
Tue Mar 19 00:01:53 CET 2024


> However, if you know the passphrase, you can pass it to gpg directly using --passphrase-file and --pinentry-mode=loopback.
I figured, but am trying to avoid having the passphrase land on disk at all.

> Due to the way a pipe works there is not much you can do here.
Except (I would hope?) if gpg were to make sure nothing is written to
stdout until after passphrase was completely acquired, before
decrypting and writing the decrypt to stdout, I don't expect less will
have cleared the screen to that point. [Less waits to clear screen,
etc., until after it receives something / anything at stdin. (?)]

> You are using a Cygwin version of the standard shell here?
No, standard DOS prompt (Win 10). Just that cygwin is along the path.
(It's win jq, in this case, however.) [cygwin less.exe being quieter
and more functional than dos' more.exe.]

> make sure that jq.exe gets its EPIPE from the failed gpg.exe.
(1) EPIPE? As in '2|' - that's a thing (in 'Win 10' dos)?
(2) gpg has not failed here. I guess the issue is also gpg displaying
prompt, also confusing less.

I will have to try 'gpg.exe -d somefile.gpg < con: 2> nul: | jq.exe |
less', or something like.

Curious that '( gpg.exe -d somefile.gpg | jq.exe ) | less' displays
sufficiently well - I'm guessing I'm just getting lucky with
(sub-shell?) delays, giving things time to display.


On Mon, Mar 18, 2024 at 9:55 AM Werner Koch <wk at gnupg.org> wrote:
>
> On Sat, 16 Mar 2024 21:26, B.S. said:
> > ... (Windows 10) [DOS] cmd ... [*NOT* powershell]
> > ... cygwin gpg ...
>
> [Do not use a Cygwin build of gpg - this is not supported.  Use a
> standard build for Windows.]
>
> > How can I have gpg pause to receive its passphrase, before it starts
> > outputting decrypt to stdout?
>
> Due to the way a pipe works there is not much you can do here.  Except
> for having some kind of buffering tool in between.  However, if you know
> the passphrase, you can pass it to gpg directly using --passphrase-file
> and --pinentry-mode=loopback.
>
> > So if gpg could finish getting its passphrase from 'readline' before
> > opening stdout (that less then sees to clear the screen and open its
>
> The pipeline is constructed by the shell (cmd.exe) and file descriptors
> are given to the programs.  There is nothing any of the programs can do
> here.  In fact when using a pipeline in this way, the next program in
> the line should be able to handle the output of the former which means
> it will expect valid output.
>
> > So far:
> > ( gpg.exe -d somefile.gpg | jq.exe ) | less
>
> You are using a Cygwin version of the standard shell here?  In this case
> make sure that jq.exe gets its EPIPE from the failed gpg.exe.
>
> You may consider using gpgme-json as a higher level API to gpg.  But of
> course it does not work the usual way in a pipe.
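
The "buffering tool in between" mentioned in the quoted reply, written out as an added example (not part of the original mail and not GnuPG code). The script name holdout.py and the function names are assumptions; it holds the command's stdout in memory and passes it on only after the command has exited successfully, so nothing reaches jq or less while gpg is still asking for the passphrase, and neither passphrase nor plaintext is written to disk.

```python
#!/usr/bin/env python3
"""holdout.py (hypothetical name): hold a command's stdout in memory and
release it only after the command has exited cleanly.

Assumed usage from cmd.exe:
    python holdout.py gpg.exe -d somefile.gpg | jq.exe | less
"""
import subprocess
import sys


def run_buffered(cmd):
    """Run cmd with stdout captured in memory (never on disk).

    stdin and stderr are inherited, so prompts and diagnostics go to the
    console instead of down the pipe. Returns (exit_code, stdout_bytes).
    """
    proc = subprocess.run(cmd, stdout=subprocess.PIPE)
    return proc.returncode, proc.stdout


def release(cmd, out):
    """Write the captured output to `out` only if cmd exited with status 0.

    On failure (for example a wrong passphrase) nothing is written, so the
    next program in the pipeline never sees partial or invalid data.
    Returns the command's exit code.
    """
    code, data = run_buffered(cmd)
    if code == 0:
        out.write(data)
        out.flush()
    return code


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: holdout.py COMMAND [ARG...]")
    # sys.stdout.buffer writes raw bytes, avoiding newline translation.
    sys.exit(release(sys.argv[1:], sys.stdout.buffer))
```

The whole output is held in memory until the command exits, so this suits small files such as the JSON document in this thread rather than very large ones.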



