I want to use gpg from another user (user2), so that the primary user (user1) does not have access to the encrypted file, but only to the part the script will output.

I added a sudo rule for user1 to run `/bin/gpg` as user2. When I try to execute

    user1@host: sudo -u user2 gpg /home/user2/pass.gpg

the error `gpg: decryption failed: No secret key` appears (symmetric encryption).

If I add the `--pinentry-mode loopback` parameter, the password is requested directly in the console (without any "Enter password" or input field, just on a new line) and decryption takes place.

From what I've read, using the `--pinentry-mode loopback` option reduces security because the password is transferred without using gpg-agent, but directly with gpg. Did I get it right, or is this parameter safe to use? Or is there another way to achieve my goal?
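The scripted loopback decryption the question describes, as an added example that is not part of the original post. It performs a symmetric GnuPG round trip in a throwaway `GNUPGHOME`, delivering the passphrase to gpg on an inherited file descriptor (`--passphrase-fd 3`) so that it appears neither on the command line, where any user could read it from `ps`, nor in an interactive prompt. The plaintext, passphrase and file names are constructed for the example; it assumes GnuPG 2.1 or later and a POSIX shell.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): scripted symmetric GnuPG round trip
# using --pinentry-mode loopback, with the passphrase read from file descriptor 3.
# Runs in an isolated GNUPGHOME so it never touches the caller's real keyring.
set -eu

# Encrypt a constructed plaintext with a constructed passphrase, then decrypt it
# the way a non-interactive script would, and print the recovered plaintext.
# Prints "skipped: gpg not installed" when gpg is not available on this host.
loopback_roundtrip() {
  command -v gpg >/dev/null 2>&1 || { echo "skipped: gpg not installed"; return 0; }

  work="$(mktemp -d)"
  home="$work/gnupghome"
  mkdir -m 700 "$home"      # isolated GnuPG home: own agent socket, no real keys

  # Constructed sample data (not from the original post).
  printf 'constructed secret: api-token-0000\n' > "$work/plain.txt"
  printf 'constructed-passphrase\n' > "$work/pass.txt"
  chmod 600 "$work/pass.txt"   # only the owning user may read the passphrase file

  # Symmetric encryption. The passphrase arrives on fd 3, so it is never part of
  # argv and never echoed to a terminal; --batch keeps gpg from prompting.
  GNUPGHOME="$home" gpg --batch --yes --quiet \
      --pinentry-mode loopback --passphrase-fd 3 \
      --symmetric --cipher-algo AES256 \
      -o "$work/pass.gpg" "$work/plain.txt" 3< "$work/pass.txt"

  # Decryption the same way; only the plaintext goes to stdout, so a wrapper
  # script can capture exactly the part it intends to hand on.
  out="$(GNUPGHOME="$home" gpg --batch --quiet \
      --pinentry-mode loopback --passphrase-fd 3 \
      --decrypt "$work/pass.gpg" 3< "$work/pass.txt")"

  # Stop the per-home agent and remove all temporary material.
  GNUPGHOME="$home" gpgconf --kill gpg-agent 2>/dev/null || true
  rm -rf "$work"
  printf '%s\n' "$out"
}

loopback_roundtrip
```

In this mode the passphrase is handled by the gpg process itself (and whatever launched it) rather than collected by a pinentry dialog, which is the trade-off the question asks about; reading it from a restricted-permission file or a descriptor, as above, at least keeps it out of the process list and shell history.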