Although gpg is in most cases used in a pipeline or via file descriptors, the classic use case of decrypting on the command line is still relevant. To avoid that a broken decrypted file lingers around on the disk it seems to be better to integrate the write-to-tmpfile-and-rename method in openfile.c and do the rename only after a good decryption.