I want to decrypt and move a file safely. What would be the safest way to do this? My current approach:

```bash
echo "what's the passphrase?"
read -s -r key
gpg --decrypt --batch --passphrase "$key" "file.gpg" > file
mv -f "./file" "/location/file"
```

Are there any security issues that might occur this way?

1 Answer

I think your approach is ok, but it depends on what you want to achieve. Although:

"As long as you don't move the file across file-system borders, the operation should be safe" - ref.

If your priority is safety, and you don't own the system you are working on, I would consider not saving the content to a file, but rather copying it directly to the clipboard (using xclip ref or clipboard-cli, if you can install it). Then you could safely store your data in a desired secure destination. In the end, emptying the buffer's cache would be a final step.

For larger files (measured in GB or more), I think saving the file on the system would be required. Then, after successfully copying it across file-system borders, you would need to clean it up - shred or wipe (ref) would be your friends here.

Egel
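An added example, not part of the question or the answer above: one way to keep the decrypted file on the destination's file system from the start, so the final `mv` is a rename and a failed run leaves no plaintext behind. The function name `place_output` and the temp-file prefix are assumptions made for this sketch.

```shell
#!/bin/sh
# place_output DEST CMD [ARGS...]   (hypothetical helper, added example)
# Runs CMD, captures its stdout in a private temp file created next to DEST,
# and renames that file to DEST only if CMD exited successfully.
place_output() {
    local dest dir tmp status
    dest=$1; shift
    dir=$(dirname -- "$dest")
    # mktemp creates the file with mode 0600. Creating it in DEST's directory
    # keeps it on the same file system, so mv below is a rename, not a copy
    # that would leave a second plaintext copy to clean up.
    tmp=$(mktemp "$dir/.decrypt.XXXXXX") || return 1
    status=1
    if "$@" > "$tmp" && mv -f -- "$tmp" "$dest"; then
        status=0
    fi
    # Still present only if CMD or mv failed: remove the partial plaintext,
    # overwriting it first where shred is available.
    if [ -e "$tmp" ]; then
        if command -v shred >/dev/null 2>&1; then
            shred -u -- "$tmp"
        else
            rm -f -- "$tmp"
        fi
    fi
    return "$status"
}

# Usage with the file names from the question. Without --passphrase, gpg asks
# for the passphrase itself, so it is not passed as a command-line argument:
#   place_output /location/file gpg --decrypt file.gpg
```

Overwriting with `shred` is only as effective as the underlying file system and storage allow.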