Before encryption can be done the recipient must be set using the command:
RECIPIENT userID
Set the recipient for the encryption. userID should be the internal representation of the key; the server may accept any other way of specification. If this is a valid and trusted recipient the server does respond with OK, otherwise the return is an ERR with the reason why the recipient cannot be used; the encryption will then not be done for this recipient. If the policy is not to encrypt at all if not all recipients are valid, the client has to take care of this. All RECIPIENT commands are cumulative until a RESET or a successful ENCRYPT command.
INPUT FD[=n] [--armor|--base64|--binary]
Set the file descriptor for the message to be encrypted to n. Obviously the pipe must be open at that point, the server establishes its own end. If the server returns an error the client should consider this session failed. If n is not given, this command uses the last file descriptor passed to the application. See the assuan_sendfd function in the Libassuan manual, on how to do descriptor passing.
The --armor option may be used to advise the server that the input data is in PEM format, --base64 advises that a raw base-64 encoding is used, --binary advises of raw binary input (BER). If none of these options is used, the server tries to figure out the used encoding, but this may not always be correct.
OUTPUT FD[=n] [--armor|--base64]
Set the file descriptor to be used for the output (i.e. the encrypted message). Obviously the pipe must be open at that point, the server establishes its own end. If the server returns an error the client should consider this session failed.
The --armor option encodes the output in PEM format, the --base64 option applies just a base-64 encoding. No option creates binary output (BER).
The actual encryption is done using the command
ENCRYPT
It takes the plaintext from the INPUT command, writes the ciphertext to the file descriptor set with the OUTPUT command, and takes the recipients from all the recipients set so far. If this command fails the clients should try to delete all output currently done or otherwise mark it as invalid. GPGSM does ensure that there will not be any security problem with leftover data on the output in this case.
This command should in general not fail, as all necessary checks have been done while setting the recipients. The input and output pipes are closed.
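The command sequence described above, as an added Python example that is not part of the GnuPG manual or of gpgsm's own code: it enforces the all-or-nothing recipient policy on the client side and treats the first error as a failed session. The `send` transport hook, `StubServer`, its ERR text and the user IDs are constructed assumptions; descriptor passing itself is not shown.

```python
"""Client-side sequencing for the RECIPIENT / INPUT / OUTPUT / ENCRYPT exchange."""

class EncryptAborted(Exception):
    """Raised when the session must be treated as failed."""

def run_encrypt(send, recipients, in_fd, out_fd, armor=True, require_all=True):
    """Drive one encryption. `send(line)` is an assumed transport hook that
    writes one command line and returns the server's final OK/ERR line."""
    rejected = {}
    for uid in recipients:
        reply = send(f"RECIPIENT {uid}")
        if not reply.startswith("OK"):
            rejected[uid] = reply          # keep the server's stated reason
    accepted = [u for u in recipients if u not in rejected]
    # The server only skips bad recipients; all-or-nothing is client policy.
    if not accepted or (require_all and rejected):
        send("RESET")                      # drop the cumulative recipient list
        raise EncryptAborted(f"recipients rejected: {rejected}")
    out_opt = " --armor" if armor else ""  # no option means binary (BER) output
    for cmd in (f"INPUT FD={in_fd}", f"OUTPUT FD={out_fd}{out_opt}"):
        if not send(cmd).startswith("OK"):
            raise EncryptAborted(f"{cmd!r} failed; session considered failed")
    if not send("ENCRYPT").startswith("OK"):
        # Caller must delete or mark invalid whatever was written to out_fd.
        raise EncryptAborted("ENCRYPT failed; discard partial output")
    return accepted, rejected

class StubServer:
    """Constructed stand-in for the server, for offline demonstration only."""
    def __init__(self, untrusted):
        self.untrusted, self.recipients, self.log = set(untrusted), [], []

    def __call__(self, line):
        self.log.append(line)
        verb, _, arg = line.partition(" ")
        if verb == "RECIPIENT":
            if arg in self.untrusted:
                return "ERR 1 constructed reason: recipient not trusted"
            self.recipients.append(arg)
        elif verb in ("RESET", "ENCRYPT"):
            self.recipients = []           # both end the cumulative list
        return "OK"

if __name__ == "__main__":
    server = StubServer(untrusted={"BOB-CONSTRUCTED"})
    try:
        run_encrypt(server, ["ALICE-CONSTRUCTED", "BOB-CONSTRUCTED"], 3, 4)
    except EncryptAborted as exc:
        print("aborted:", exc, "| sent:", server.log)
```

With `require_all=False` the same call proceeds for the accepted recipients only, which matches the server's default behaviour of skipping a recipient that returned ERR.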