Skip to main content
Information Security

You are not logged in. Your edit will be placed in a queue until it is peer reviewed.

We welcome edits that make the post easier to understand and more valuable for readers. Because community members review edits, please try to make the post substantially better than how you found it, for example, by fixing grammar or adding additional resources and hyperlinks.

6
  • Unless there is a hideous bug in PGP / GnuPG nobody has discovered yet, your worries have no basis in fact. Attacking the decryption process of GPG messages doesn't seem promising to me at all. Commented Feb 17, 2018 at 1:01
  • 1
    You always cat decrypted emails directly from the shell? Wow, that's hard-core. Commented Feb 17, 2018 at 1:24
  • 1
    If you're concerned about something messing with bash or the terminal, why not send the output to a file? Commented Feb 17, 2018 at 1:48
  • @Pascal Actually, GnuPG is rather hideous. It is not only sane, but very smart to be worried about this. Commented Feb 17, 2018 at 4:12
  • @forest: Really? You'd be worried about being attacked by a security vulnerability report someone encrypted with PGP/GnuPG? Don't you think that if GnuPG poses a problem in the described context, then whatever process OP has in place to handle these reports is also susceptible to an attack that doesn't involve GnuPG? If OP is worried about shell scripts getting executed by mistake, then obviously there is a much more serious problem in the pipeline he uses. GnuPG / PGP aren't the main issue here. Commented Feb 17, 2018 at 10:00