gnupg: GPGSM ENCRYPT
5.6.1 Encrypting a Message
--------------------------
Before encryption can be done the recipient must be set using the
command:
RECIPIENT USERID
Set the recipient for the encryption. USERID should be the internal
representation of the key; the server may accept any other way of
specification. If this is a valid and trusted recipient the server does
respond with OK, otherwise the return is an ERR with the reason why the
recipient cannot be used, the encryption will then not be done for this
recipient. If the policy is not to encrypt at all if not all recipients
are valid, the client has to take care of this. All 'RECIPIENT'
commands are cumulative until a 'RESET' or an successful 'ENCRYPT'
command.
INPUT FD[=N] [--armor|--base64|--binary]
Set the file descriptor for the message to be encrypted to N.
Obviously the pipe must be open at that point, the server establishes
its own end. If the server returns an error the client should consider
this session failed. If N is not given, this commands uses the last
file descriptor passed to the application. ⇒the assuan_sendfd
function (assuan)fun-assuan_sendfd, on how to do descriptor passing.
The '--armor' option may be used to advise the server that the input
data is in PEM format, '--base64' advises that a raw base-64 encoding is
used, '--binary' advises of raw binary input (BER). If none of these
options is used, the server tries to figure out the used encoding, but
this may not always be correct.
OUTPUT FD[=N] [--armor|--base64]
Set the file descriptor to be used for the output (i.e. the
encrypted message). Obviously the pipe must be open at that point, the
server establishes its own end. If the server returns an error the
client should consider this session failed.
The option '--armor' encodes the output in PEM format, the '--base64'
option applies just a base-64 encoding. No option creates binary output
(BER).
The actual encryption is done using the command
ENCRYPT
It takes the plaintext from the 'INPUT' command, writes to the
ciphertext to the file descriptor set with the 'OUTPUT' command, take
the recipients from all the recipients set so far. If this command
fails the clients should try to delete all output currently done or
otherwise mark it as invalid. 'GPGSM' does ensure that there will not
be any security problem with leftover data on the output in this case.
This command should in general not fail, as all necessary checks have
been done while setting the recipients. The input and output pipes are
closed.
Info Catalog
gnupg: GPGSM Protocol
gnupg: GPGSM DECRYPT