Unable to decrypt from stdin: "public key decryption failed: Inappropriate ioctl for device"

If I execute gpg foo.gpg I'm given a dialog that looks like:

 ┌────────────────────────────────────────────────────────────────┐ │ Please enter the passphrase to unlock the OpenPGP secret key: │ │ "Edward A. Falk <>" │ │ 1024-bit ELG key, ID xxxxxxxxxxxxxxxx, │ │ │ │ │ │ Passphrase: __________________________________________________ │ │ │ │ <OK> <Cancel> │ └────────────────────────────────────────────────────────────────┘

and everything works just fine.

If I do cat foo.gpg | gpg, I get

gpg: public key decryption failed: Inappropriate ioctl for device

I've tried --passphrase-fd 0 and --batch --pinentry-mode loopback to no avail. I have gotten it to work by putting the passphrase on the command line, but I really want to avoid that if I can.

I suspect that this is somehow related to the pinentry agent, but I don't really understand how to control the agent. (I really don't know why gpg even needs one.)

I'm using gpg 2.2.26.


One small word of explanation: my stdin doesn't literally come from "cat foo.gpg"; it's actually closer to aws s3 cp "s3://myawsbucket.tar.gz.gpg" - where the named bucket is far larger than I want to store on my local machine just so I can decrypt it and extract just one file from it.

4

1 Answer

I figured out what I needed to do differently. It turns out that if gpg-agent is running and properly configured, everything will work. gpg-agent knows how to interact with the user to get the passphrase. See the gpg-agent man page for further information.

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password

Post as a guest

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy

You Might Also Like