Option --use-embedded-filename does not work as expected
Closed, Resolved, Public

Description

Using GnuPG 2.2.10 for Windows, with the use case of:

  • unattended file decryption (via scheduled task)
  • passphrase entry on command line
  • use embedded filename for decrypted file
  • log to file

We are seeing the following warning in the log file:

YYYY-MM-DD HH:MM:SS gpg[9096] WARNING: no command supplied.  Trying to guess what you mean ...

The following command line is used:

gpg.exe --log-file logfile.txt --batch --yes --pinentry-mode loopback --passphrase "the passphrase" --use-embedded-filename "encryptedfile.pgp"

From our understanding, this is the command we have to use for this unattended decryption using embedded filename to work. We cannot use --decrypt as the decryption is to file not standard output, and we cannot use "output" as the decrypted file needs to use the embedded filename, which is not known in advance.

If indeed the command line above is correct for our described use case then there should not be a warning produced about no command supplied and the program having to guess at what was meant by the command line.

pa_am created this task. Fri, May 10, 11:51 PM
werner triaged this task as Normal priority. Tue, May 14, 11:57 AM
werner added a subscriber: werner.

There is actually a problem with --use-embedded-filename. Given that the option is highly dangerous to use, we have not tested this for ages. We will see what we can do about it.

In any case, I suggest not using this option and instead decrypting to a temporary file and then renaming it to the embedded file name after checking that this file name is harmless. When using the --status-fd option, gpg tells the filename as part of the PLAINTEXT status message.
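
The workaround described in the comment above, sketched in Python as an added example (not part of the original thread and not GnuPG code). The helper names, the allow-list policy for what counts as "harmless", and passing the passphrase on stdin with --passphrase-fd 0 instead of on the command line are assumptions of this example; the status sample is constructed.

```python
import os, re, subprocess, tempfile
from urllib.parse import unquote

# Constructed sample of gpg --status-fd output (not captured from a real run).
SAMPLE_STATUS = ("[GNUPG:] BEGIN_DECRYPTION\n"
                 "[GNUPG:] PLAINTEXT 62 1557500000 report%202019.csv\n"
                 "[GNUPG:] DECRYPTION_OKAY\n")

RESERVED = {"CON", "PRN", "AUX", "NUL"} | {
    f"{p}{n}" for p in ("COM", "LPT") for n in range(1, 10)}  # Windows device names
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._ -]{0,127}")  # allow-list, no separators

def embedded_name(status_text):
    """Return the percent-decoded filename from the PLAINTEXT status line, or None."""
    for line in status_text.splitlines():
        parts = line.split()
        # Layout: [GNUPG:] PLAINTEXT <format> <timestamp> <filename>
        if parts[:2] == ["[GNUPG:]", "PLAINTEXT"] and len(parts) >= 5:
            return unquote(parts[4])
    return None

def is_harmless(name):
    """Accept only a plain file name: no path parts, drive/stream colon or device name."""
    if not SAFE_NAME.fullmatch(name) or name[-1] in ". ":
        return False
    return name.split(".")[0].upper() not in RESERVED

def decrypt_safely(encrypted, dest_dir, passphrase, gpg="gpg"):
    """Decrypt to a temporary file in dest_dir, then rename to the vetted embedded name."""
    fd, tmp = tempfile.mkstemp(dir=dest_dir, suffix=".part")
    os.close(fd)
    try:
        # Passphrase goes over stdin so it does not appear in the process list.
        proc = subprocess.run(
            [gpg, "--batch", "--yes", "--pinentry-mode", "loopback",
             "--passphrase-fd", "0", "--status-fd", "1",
             "--output", tmp, "--decrypt", encrypted],
            input=passphrase + "\n", capture_output=True, text=True, check=True)
        name = embedded_name(proc.stdout)
        if name is None or not is_harmless(name):
            raise ValueError(f"refusing embedded filename {name!r}")
        final = os.path.join(dest_dir, name)
        if os.path.exists(final):  # never overwrite an existing file
            raise FileExistsError(final)
        os.rename(tmp, final)
        return final
    finally:
        if os.path.exists(tmp):  # still present only when something failed
            os.unlink(tmp)
```

A rejected or missing name leaves nothing behind in dest_dir; the caller decides whether to retry with a name of its own choosing.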

werner renamed this task from GnuPG Producing a Warning in Error(?) to Option --use-embedded-filename does not work as expected. Tue, May 14, 11:57 AM
werner closed this task as Resolved. Fri, May 17, 1:45 PM
werner claimed this task.

Fix will go into 2.2.16 to be released this month.