mail_decrypt_verify.sh

#!/bin/sh

umask 077

fail_common () {
    echo '' >&2
    echo '-------------------------- Sleeping for 10 seconds -------------------------' >&2
    sleep 10
    exit 1
}

pgp_failed () {
    echo "$0: Your pgp command failed" >&2
    echo '' >&2
    cat ${TDIR}/stderr >&2
    fail_common
}

unencrypted_msg () {
    cat ${TDIR}/f* > ${TDIR}/msgcopy
    if grep -q -- '^-----BEGIN PGP SIGNED MESSAGE-----' ${TDIR}/msgcopy; then
        gpg --batch --no-tty --decrypt ${TDIR}/msgcopy >${TDIR}/vrfdmsg 2>>${TDIR}/stderr || pgp_failed
        cat ${TDIR}/msgcopy |
            sed -e '/^-----BEGIN PGP SIGNED MESSAGE-----/,/^-----END PGP SIGNATURE-----/ d' \
                > ${TDIR}/msgstrip
        cat ${TDIR}/msgstrip
        cat ${TDIR}/vrfdmsg
    elif grep -q -m1 '^Content-Type:.*multipart/signed' ${TDIR}/msgcopy; then
        bndr=$(cat ${TDIR}/msgcopy |
        sed -n -e '/^Content-Type:.*multipart\/signed/,/boundary=/ p; /boundary=/ q' |
        grep -P -o '(?<=boundary=")[[:graph:]]*?(?=")' |
        sed -e 's:[]\[\^\$\.\*\/]:\\&:g')
        cat ${TDIR}/msgcopy |
        sed -n -e '/^--'"${bndr}"'\r*$/,/^--'"${bndr}"'\r*$/{/^--'"${bndr}"'\r*$/b;/^--'"${bndr}"'\r*$/b;p;}' |
        sed -e '$d' > ${TDIR}/msgbody
        cat ${TDIR}/msgcopy |
        sed -n -e '/^-----BEGIN PGP SIGNATURE-----/,/^-----END PGP SIGNATURE-----/ p' > ${TDIR}/msgsign
        gpg --verify ${TDIR}/msgsign ${TDIR}/msgbody 2>${TDIR}/stderr || pgp_failed
        cat ${TDIR}/msgcopy |
        sed -n -e '1,/^Content-Type:.*multipart\/signed/{/^Content-Type:.*multipart\/signed/b;p;}' > ${TDIR}/msgstrip
        sed -e 's/^=2E/./' -e 's/^=2D/-/' -e 's/^=46/F/' -e 's/^=66/f/' ${TDIR}/msgbody |
        sed ':a
N
$!ba
s/=^M\n//g' |
        sed -e 's,=20, ,g' -e 's,=3D,=,g' |
        sed -e 's/\x0D$//g' > ${TDIR}/vrfdmsg
        cat ${TDIR}/msgstrip
        cat ${TDIR}/vrfdmsg
    else
        cat ${TDIR}/msgcopy
    fi
    exit 0
}

decrypt_mime () {
    cat ${TDIR}/f* | awk '
BEGIN {
    FS=":"
    ORS="|"
}
{
    if ( $0 == "" ) exit;
    if ( $0 ~ /^[[:graph:]].*?:/ && $0 !~ /^Content-[[:graph:]].*?:/ ) print $1;
}
' | sed 's/|$//' > ${TDIR}/hdrnms

    grep -P -hzo '(?ms)^('$(cat ${TDIR}/hdrnms)'):.*?$(\n( ){1,}.*?$){0,}' ${TDIR}/f0[01] > ${TDIR}/hdrs

    if grep -q -m1 '^Content-Type:.*multipart/signed' ${TDIR}/message; then
        bndr=$(cat ${TDIR}/message |
        sed -n -e '/^Content-Type:.*multipart\/signed/,/boundary=/ p; /boundary=/ q' |
        grep -P -o '(?<=boundary=")[[:graph:]]*?(?=")' |
        sed -e 's:[]\[\^\$\.\*\/]:\\&:g')
        cat ${TDIR}/message |
        sed -n -e '/^--'"${bndr}"'\r*$/,/^--'"${bndr}"'\r*$/{/^--'"${bndr}"'\r*$/b;/^--'"${bndr}"'\r*$/b;p;}' |
        sed -e '$d' > ${TDIR}/msgbody
        cat ${TDIR}/message |
        sed -n -e '/^-----BEGIN PGP SIGNATURE-----/,/^-----END PGP SIGNATURE-----/ p' > ${TDIR}/msgsign
        gpg --verify ${TDIR}/msgsign ${TDIR}/msgbody 2>${TDIR}/stderr || pgp_failed
            sed -e 's/^=2E/./' -e 's/^=2D/-/' -e 's/^=46/F/' -e 's/^=66/f/' ${TDIR}/msgbody |
            sed ':a
N
$!ba
s/=^M\n//g' |
            sed -e 's,=20, ,g' -e 's,=3D,=,g' |
            sed -e 's/\x0D$//g' > ${TDIR}/dcrptmsg
    else
        sed -e 's/^=2E/./' -e 's/^=2D/-/' -e 's/^=46/F/' -e 's/^=66/f/' ${TDIR}/message |
        sed ':a
N
$!ba
s/=^M\n//g' |
        sed -e 's,=20, ,g' -e 's,=3D,=,g' |
        sed -e 's/\x0D$//g' > ${TDIR}/dcrptmsg
    fi

    ctype=$(grep -E -o -m1 '^Content-Type: [a-z]*?/[a-z]*?' ${TDIR}/dcrptmsg | sed -e 's/^Content-Type: //')
    if [ "$ctype" = "text/plain" ]; then
        grep -P -zo '(?ms)^Content-.*?:.*?$(\n( ){1,}.*?$){0,}' ${TDIR}/dcrptmsg >> ${TDIR}/hdrs
    else
        sed -n -e '/boundary=/ p; /boundary=/ q; /^Content-Type:/ p' ${TDIR}/dcrptmsg >> ${TDIR}/hdrs
    fi

    cat ${TDIR}/hdrs
    echo ''
    cat ${TDIR}/dcrptmsg | sed -e '1,/^$/ d'
    exit 0
}

decrypt_inline () {
        cat ${TDIR}/f0? | awk '
BEGIN {
        FS=":"
        ORS="|"
}
{
        if ( $0 == "" ) exit;
    if ( $0 ~ /^[[:graph:]].*?:/ ) print $1;
}
' | sed -e 's/|$//' > ${TDIR}/hdrnms

    grep -P -hzo '(?ms)^('$(cat ${TDIR}/hdrnms)'):.*?$(\n( ){1,}.*?$){0,}' ${TDIR}/f0[01] > ${TDIR}/hdrs

    cat ${TDIR}/message | grep -q -- '^-----BEGIN PGP SIGNED MESSAGE-----$' && \
        ( gpg --batch --no-tty --decrypt ${TDIR}/message >${TDIR}/vrfdmsg 2>>${TDIR}/stderr \
        || pgp_failed ) || cat ${TDIR}/message >${TDIR}/vrfdmsg

    cat ${TDIR}/hdrs
    echo ''
    cat ${TDIR}/vrfdmsg
    exit 0
}

: ${TMPDIR:=/tmp}
TDIR=`mktemp -d ${TMPDIR}/ppf_mime_decrypt.XXXXXXXX` ||
    {   echo '' >&2
    echo "$0: mktemp failed, exiting" >&2
    fail_common;}

trap "rm -f ${TDIR}/* ; rmdir ${TDIR} ; exit" 0 1 2 15

csplit -s -k -f ${TDIR}/f - '/^Content-Type: /' '{9}' 2>/dev/null

# Reliably find the encrypted file
cfile=`grep -l '^-----BEGIN PGP MESSAGE-----$' ${TDIR}/f*`
case "$cfile" in
'') unencrypted_msg
;;
esac

/usr/bin/gpg --batch --no-tty --passphrase %yourpassphrase% -o${TDIR}/message --decrypt $cfile 2>${TDIR}/stderr || pgp_failed

# Determine if we're decrypting MIME message or not
mfile=$( cat ${TDIR}/f0[01] | grep -E -o -m1 '^Content-Type: [a-z]*?/[a-z]*?' | sed -e 's/^Content-Type: //')
case "$mfile" in
"multipart/encrypted")
    decrypt_mime
;;
"text/plain")
    decrypt_inline
;;
*)
    echo "$0: unrecognized Content-Type, terminating" >&2
    fail_common
;;
esac