GPG file encryption

Discussions in English on using Fedora
#1

I’m trying to learn GPG encryption and noticed when I encrypt a file with "gpg -c "
the file created is filename.gpg as expected. But when I try to “cat filename.gpg” from command line the file appears to be encrypted (just gibberish on screen) but when I use “less filename.gpg” it displays just as before when the file was just named “filename”.

Is this a bug? Or do I miss understand gpg. I thought it should prompt me for a key with which to decrypt the file.

In application “Files” it attempts to open the file with gedit which shows the gibberish. Also doesn’t prompt for key.

How should this work? Don’t understand the premise about encrypting a file if you can just view it with the command less whether it’s encrypted or not with the key.

1 Like
#2

Sounds like you are doing something wrong:

> less test.conf.pgp 
"test.conf.pgp" may be a binary file.  See it anyway?

It’s easier to use with the Seahorse plugin:
How to configure the gui for GPG Pinentry in Gnome? - #2 by vgaetera

#3

Less is doing a lot of magic behind the scenes!

If you look in your environment, you will see you have the variable LESSOPEN set to a command lesspipe.sh. Less will run this command on its argument file. If you look inside lessopen.sh (it is a readable shell script) you will find this script will recognize very many file types. It will uncompress compressed files, it will list the contents of tar and rpm files, and, in particular, it will decode any file with a .gpg suffix.

I assume you tried this shortly after encrypting the file. In that case a GPG agent still held the passphrase. If you try it again later, I expect you will get promptef for the passphrase if you try to do less on the same file.

@vgaetera tried with a file ending with a .pgp suffix. Lessopen.sh does not recognize that suffix, and didn’t do anything with it. This is probably why he got the question about viewing a binary file.

If you want to run less without applying the preprocessing filter you can use the option -L or --no-lessopen.

See the section INPUT PREPROCESSOR in the manual page for less for all the details about this!

1 Like
#4

OK, I installed seahorse-nautlius as seahorse was already installed. The GUI app Files now works as far as prompting for the key to decrypt the file, but instead of just displaying the file it creates a copy of the decrypted file. I would think that it should just display the decrypted file or at least give an option to create the decrypted file. Also the decrypted file remains in the file system, so you have to manually remove it and then clean up the “Trash” . Not an ideal situation!

Goeran you are correct I was using less immediately afterward and less or gnome was remembering the encryption key. If I log out and back in less does prompt for the key. I’m satisfied with the less behavior but still don’t like how “Files” handles it.

Thanks for the reply