@mickmon
Last active January 4, 2025 16:56
A script attempting to use a list of passwords against a gpg key
#!/bin/bash

# File containing passwords to test
PASSWORD_FILE="password_combinations.txt"

# Encrypted file you are trying to decrypt
ENCRYPTED_FILE="/Users/mickmon/Desktop/bwall.key.gpg"

if [ ! -f "$PASSWORD_FILE" ]; then
    echo "Password file not found: $PASSWORD_FILE"
    exit 1
fi

if [ ! -f "$ENCRYPTED_FILE" ]; then
    echo "Encrypted file not found: $ENCRYPTED_FILE"
    exit 1
fi

while IFS= read -r passphrase; do
    echo "Trying password: $passphrase"
    # Attempt decryption
    echo "$passphrase" | gpg --batch --yes --decrypt --passphrase-fd 0 --pinentry-mode loopback "$ENCRYPTED_FILE" > decrypted_output.txt 2>&1

    # Check if decryption was successful
    if [ $? -eq 0 ]; then
        echo "Success! Correct password is: $passphrase"
        exit 0
    fi
done < "$PASSWORD_FILE"

echo "No valid password found."
exit 1

AndreHeinecke commented Jan 4, 2025

decrypt is not suited for such a test since decrypt tries to convert data to plain text and this can work for unencrypted data (e.g. the output of --store) or simply signed data, or signed and encrypted data. Then you have the signature states, e.g. it is a valid signature or an invalid signature. Each of these actions would require different return codes. So simply checking for success or failure invites bad scripts which might make assumptions like: “If this is symmetrically encrypted and I can decrypt it with my password then I know that the sender also knows that password and I can trust that input”. This is why the return code of decrypt should not be used. The correct way to check the decrypt result would involve parsing status-fd.

But checking for the passphrase can be done with --dry-run and --passwd so you can adjust line 22 to:
echo "$passphrase" | gpg --passphrase-fd=0 --pinentry-mode=loopback --dry-run --batch --passwd $KEYID

And have no need for input or output
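
The status-fd parsing mentioned in the comment above, as an added example that is not part of the gist or the comment: a POSIX shell function that classifies a `gpg --decrypt --status-fd` transcript, so a script can tell real decryption apart from stored or merely signed data. The function name and the sample transcripts are constructed for illustration; the status keywords are GnuPG's.

```shell
#!/bin/sh
# Added example: judge a decrypt by its status lines, not by gpg's exit code.
# Real use (status on stdout, plaintext to a file):
#   gpg --batch --status-fd 1 --output plain.out --decrypt FILE | classify_gpg_status

# Reads a status transcript on stdin, prints a one-line summary.
classify_gpg_status() (
    encrypted=no; decrypted=no; signature=none
    while IFS= read -r line; do
        case "$line" in
            "[GNUPG:] BEGIN_DECRYPTION"*)  encrypted=yes ;;
            "[GNUPG:] DECRYPTION_OKAY"*)   decrypted=yes ;;
            "[GNUPG:] DECRYPTION_FAILED"*) decrypted=no ;;
            "[GNUPG:] BADSIG "*|"[GNUPG:] ERRSIG "*) signature=bad ;;
            "[GNUPG:] GOODSIG "*)
                # One bad signature outweighs any good one in the same message.
                if [ "$signature" != bad ]; then signature=good; fi ;;
        esac
    done
    printf 'encrypted=%s decrypted=%s signature=%s\n' \
        "$encrypted" "$decrypted" "$signature"
)

# Constructed transcripts (key IDs, user IDs and timestamps are made up).
sample_symmetric() {   # symmetric message, correct passphrase, unsigned
    printf '%s\n' '[GNUPG:] NEED_PASSPHRASE_SYM 9 3 8' '[GNUPG:] BEGIN_DECRYPTION' \
        '[GNUPG:] PLAINTEXT 62 1735999999 note.txt' '[GNUPG:] DECRYPTION_OKAY' \
        '[GNUPG:] END_DECRYPTION'
}
sample_signed_only() { # signed but never encrypted; --decrypt still exits 0
    printf '%s\n' '[GNUPG:] PLAINTEXT 62 1735999999 note.txt' \
        '[GNUPG:] GOODSIG 0123456789ABCDEF Example User <user@example.org>'
}
sample_stored() {      # output of --store: no encryption, no signature
    printf '%s\n' '[GNUPG:] PLAINTEXT 62 1735999999 note.txt'
}
sample_bad_pass() {    # symmetric message, wrong passphrase
    printf '%s\n' '[GNUPG:] NEED_PASSPHRASE_SYM 9 3 8' '[GNUPG:] BEGIN_DECRYPTION' \
        '[GNUPG:] DECRYPTION_FAILED' '[GNUPG:] END_DECRYPTION'
}

for s in sample_symmetric sample_signed_only sample_stored sample_bad_pass; do
    printf '%-20s %s\n' "$s" "$("$s" | classify_gpg_status)"
done
```

A caller that needs to trust the input should require `encrypted=yes decrypted=yes` and, for sender authenticity, `signature=good`; a symmetric passphrase match alone gives only the first two.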