
Fifos and interactive command (gpg)


For use in a larger script, I am trying to use a fifo together with gpg. First, I have an encrypted file secrets.txt.gpg:

me@box:~$ touch secrets.txt
me@box:~$ echo 'first secret' > secrets.txt
me@box:~$ gpg -c secrets.txt

and a short pass phrase is entered twice ('easy').

Now I would like to decrypt the secrets file, add an element and do something with the result. To keep it simple, I just want to e.g. cat the result. Trying

me@box:~$ mkfifo fifo
me@box:~$ gpg -d secrets.txt.gpg > fifo &
[5] 9405
me@box:~$ echo 'second secret' > fifo &
[5] 9405
me@box:~$ cat < fifo
gpg: CAST5 encrypted data
second secret

leaves the shell unresponsive until Ctrl-C. I have tried with process substitution giving

 me@box:~$ cat <(gpg -d secrets.txt.gpg) <(echo 'second secret') > fifo &
 [7] 9422
 me@box:~$ gpg: CAST5 encrypted data
 Enter passphrase: easy
 bash: easy: command not found
 me@box:~$ 

How can I write the output to a pipe after decryption by gpg -d, add entries and later encrypt to disc?


Solution

  • gpg needs the passphrase before it will output the decrypted file. In the first example,

    gpg -d secrets.txt.gpg > fifo &
    

    the process is run in the background and so can't get the passphrase from the user. I found that

    gpg --passphrase easy -d secrets.txt.gpg > fifo &
    

    or

    echo easy | gpg --passphrase-fd 0 -d secrets.txt.gpg > fifo &
    

    would give the following output from cat <fifo:

    gpg: CAST5 encrypted data
    gpg: encrypted with 1 passphrase
    gpg: first secret
    WARNING: message was not integrity protected
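
The round trip the question asks for (decrypt, add an entry, encrypt back to disk), as an added example that is not part of the original question or answer. The passphrase is read from file descriptor 3, so it does not show up in the process list the way `--passphrase easy` does, and stdin stays free for the data. Assumptions: bash, GnuPG 2.1 or later (for `--pinentry-mode loopback`), and a passphrase file readable only by its owner; the function names, fd 3 and AES256 (instead of the CAST5 seen in the output above) are choices made for this example.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Assumes GnuPG >= 2.1 and bash.
set -o pipefail   # a failed decrypt must fail the whole pipeline

# Run gpg without prompting; the passphrase is read from file descriptor 3,
# so it never appears in argv and stdin stays free for the data.
gpg_fd3() {
    gpg --batch --quiet --pinentry-mode loopback --passphrase-fd 3 "$@"
}

# read_secrets FILE.gpg PASSFILE  -> plaintext on stdout
read_secrets() {
    gpg_fd3 --decrypt "$1" 3<"$2"
}

# append_secret FILE.gpg PASSFILE ENTRY
# Plaintext lives only in the pipe; only ciphertext is written to disk.
append_secret() {
    local enc=$1 passfile=$2 entry=$3 tmp
    tmp=$(mktemp "${enc}.XXXXXX") || return 1   # will hold ciphertext only
    # '&&' rather than ';' so a failed decrypt is not masked by printf.
    if { read_secrets "$enc" "$passfile" && printf '%s\n' "$entry"; } |
        gpg_fd3 --symmetric --cipher-algo AES256 3<"$passfile" >"$tmp"
    then
        mv -- "$tmp" "$enc"    # replace the original only after success
    else
        rm -f -- "$tmp"        # e.g. wrong passphrase: original untouched
        return 1
    fi
}
```

Called as `append_secret secrets.txt.gpg ~/.secrets.pass 'second secret'`, where `~/.secrets.pass` is a hypothetical passphrase file; no FIFO or background job is needed because both gpg processes run non-interactively in one pipeline.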