If I execute gpg foo.gpg I'm given a dialog that looks like:
┌────────────────────────────────────────────────────────────────┐ │ Please enter the passphrase to unlock the OpenPGP secret key: │ │ "Edward A. Falk <>" │ │ 1024-bit ELG key, ID xxxxxxxxxxxxxxxx, │ │ │ │ │ │ Passphrase: __________________________________________________ │ │ │ │ <OK> <Cancel> │ └────────────────────────────────────────────────────────────────┘and everything works just fine.
If I do cat foo.gpg | gpg, I get
gpg: public key decryption failed: Inappropriate ioctl for deviceI've tried --passphrase-fd 0 and --batch --pinentry-mode loopback to no avail. I have gotten it to work by putting the passphrase on the command line, but I really want to avoid that if I can.
I suspect that this is somehow related to the pinentry agent, but I don't really understand how to control the agent. (I really don't know why gpg even needs one.)
I'm using gpg 2.2.26.
One small word of explanation: my stdin doesn't literally come from "cat foo.gpg"; it's actually closer to aws s3 cp "s3://myawsbucket.tar.gz.gpg" - where the named bucket is far larger than I want to store on my local machine just so I can decrypt it and extract just one file from it.
1 Answer
I figured out what I needed to do differently. It turns out that if gpg-agent is running and properly configured, everything will work. gpg-agent knows how to interact with the user to get the passphrase. See the gpg-agent man page for further information.