I've been scripting up a few things recently and my inability to send
nicely formatted OpenPGP messages was starting to really bug
me. I had been encrypting my logwatch output with gpg and just
emailing the raw gpg out to myself, but it's annoying to have to ESC-P
every time I want to decrypt a log. The tipping point came while I
was writing up a script to automatically email grades out to my
students (not that any of the student's care about PGP, but it's the
principle of the thing ;), since there's no way I'm going to send them
raw gpg output (they would die) and there's also no way I'm going to
hold Mutt's hand while it signs the emails. I dunno why Mutt doesn't
have some --batch
mode options to support PGP, but there it is.
So I wrote my own. Not very complicated really, just implementing the RFC 3156 specs. There's obviously room for improvement, but it works well enough to make me happy at the momemt. Email me with (encrypted!) feedback.
echo 'use_agent' >> ~/.gnupg/gpg.conf
export GPG_TTY=$(tty)
eval $(gpg-agent --daemon)
FROM="From: me@example.edu"
for student in $(cat big_list); do
HEAD=$(echo -e "$FROM\nTo: $STUDENT@example.edu\nSubject: Grades")
BODY=$(echo -e "$STUDENT,\n\nGood job!")
send_pgp_mime -H <(echo "$HEAD") -B <(echo "$BODY") --mode sign
done
Note that I'm brushing some gpg-agent
details under the rug. man
gpg-agent
does a reasonable job of clarifying.