Input and output FDs are set the same way as in encryption, but
INPUT refers to the ciphertext and output to the plaintext. There
is no need to set recipients.
GPGSM automatically strips any
S/MIME headers from the input, so it is valid to pass an
entire MIME part to the INPUT pipe.
The encryption is done by using the command
It performs the decrypt operation after doing some check on the internal state. (e.g. that all needed data has been set). Because it utilizes the GPG-Agent for the session key decryption, there is no need to ask the client for a protecting passphrase - GpgAgent takes care of this by requesting this from the user.