You have just set up your 2FA with your private GPG key at a website such as Archetyp.
Next time after introducing your login and password you will be asked to complete the
authentication process by decrypting a GPG message and acting according to the instructions that it provides. Seeing such a message you might think:
I am not going to store this throwaway message lest I forget to shred it. And so you proceed
to decrypt it in your terminal by running `gpg -d` and pasting the copied message to your stdin. In case of authenticating at Archetyp that would fail (GPG would just annoyingly pause on you) because such a message is signed.
`gpg -d` without the path to the encrypted file is great for decrypting messages only if they are not signed, otherwise it will produce no input. Such behaviour of GPG is also a useful hint at the possibility of dealing with a signed message.
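With a signed message you need to paste it into a text file and then specify the path to the file to be decrypted. I wrote a Bash script that implements this along with subsequent shredding of the file:

```bash
#!/bin/bash
# Decrypt a GPG message saved to a file, then optionally shred the file.
decrypt_file() {
    echo "The path to the file to be decrypted?"
    read -r file
    # Quote the path so spaces or glob characters do not split it.
    gpg -d "${file}"
    echo "Deleting ${file}? [y/N]"
    read -r ch
    # Only an explicit y or Y deletes the file.
    if [[ "$ch" == 'y' || "$ch" == 'Y' ]]; then
        shred -u "${file}"
    fi
    echo "${file} has just got decrypted."
}
decrypt_file
```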
P.S. I think that Archetyp's wiki is a good educational resource that a beginner user of public key encryption tools might benefit from whether they are or are not into drugs.

`gpg -d` works fine with standard input. It doesn't distinguish between signed and unsigned. At least it's not mentioned in the documentation:

`shred` does not work at all on journalled file systems like NTFS and ext4.
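
An added example, not part of the original post or the reply: it combines the paste-to-file step from the post with the reply's point about `shred` by keeping the temporary copy in a RAM-backed directory and removing it whatever `gpg` returns. The names `MSG_DIR`, `on_ram_fs`, `pick_dir` and `decrypt_pasted` are illustrative assumptions, and the filesystem check assumes GNU or BusyBox `stat`.

```shell
#!/bin/sh
# Added example, not from the thread. MSG_DIR, on_ram_fs, pick_dir and
# decrypt_pasted are illustrative names.

# True if the directory sits on tmpfs/ramfs (GNU/BusyBox stat syntax).
on_ram_fs() {
    case "$(stat -f -c %T "$1" 2>/dev/null)" in
        tmpfs|ramfs) return 0 ;;
        *) return 1 ;;
    esac
}

# First writable candidate directory; MSG_DIR lets the caller choose one.
pick_dir() {
    for d in "${MSG_DIR:-}" "${XDG_RUNTIME_DIR:-}" /dev/shm; do
        if [ -n "$d" ] && [ -d "$d" ] && [ -w "$d" ]; then
            printf '%s\n' "$d"
            return 0
        fi
    done
    return 1
}

# Read a pasted message from stdin (end with Ctrl-D), decrypt it from a
# private temporary file, and remove that file whatever gpg returns.
decrypt_pasted() (
    dir=$(pick_dir) || { echo "no writable directory for the message" >&2; exit 1; }
    on_ram_fs "$dir" || echo "warning: $dir is not tmpfs; the file may reach disk" >&2
    umask 077
    tmp=$(mktemp "$dir/gpgmsg.XXXXXX") || exit 1
    # Clean up if the user interrupts while pasting or entering a passphrase.
    trap 'rm -f "$tmp"; exit 130' INT TERM
    cat > "$tmp"
    rc=0
    gpg --decrypt "$tmp" || rc=$?
    rm -f "$tmp"
    exit "$rc"
)
```

Source the file and run `decrypt_pasted`, paste the message, then press Ctrl-D.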