silent mode; signing headers

Zack Weinberg zack at rabi.phys.columbia.edu
Thu Jun 18 16:14:12 CEST 1998


On Thu, 18 Jun 1998 09:40:40 +0200, Werner Koch wrote:
>Zack Weinberg <zack at rabi.phys.columbia.edu> writes:
>
>> First, a `silent mode' for verifying signatures.  In this mode g10
>> reads a file and indicates whether the signature is good or not by
>> its exit status, but produces no output.  Exit codes should
>
>that should be possible with gpg --batch --verify.  I can make sure
>that you get these exit codes:
>  0 - okay
>  1 - can't check signature (unknown algorithm, no public key)
>  >= 2 - program failure.
>I don't think that it is a good idea to use exit codes as this is
>complicated if gnupg is used in a pipe (yes, bash 2 has a facility for
>this).  A better way is to parse the output of gpg: when used with
>--status-fd 2 you will see lines 
>[GNUPG:] keyword more stuff
>which are quite easy to parse.

That I could live with, but INN's verification mechanism wants it all
in the exit codes.  I was hoping to be able to eliminate the wrapper
script.  On the other hand, as you say

>> Second, it would be nice to be able to sign some of the headers of a
>> message as well as its content.  This allows the recipient to check
>
>I do not think gnupg should do this; it is MUA related stuff.  I'd
>suggest to invent some MIME encoding for this.  A way to do this is
>to bring the headers in a standard format (MTA may rewrite them), hash
>them and put the hashvalue as printable string into the contents of
>the message (or simply copy the headers into the contents).

this would require me to keep the wrapper anyway, and I do think this
is reasonable.

zw
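
The wrapper discussed in this message, as an added example (not code from the original post or from GnuPG): it turns `[GNUPG:]` status lines into the 0 / 1 / >= 2 exit codes listed above, producing no output. Assumptions: the function names, a dedicated status descriptor 3 instead of 2, the keywords GOODSIG, BADSIG, ERRSIG and NO_PUBKEY as emitted by released GnuPG versions, a bad signature mapped to exit 1, and no signature status at all mapped to exit 2.

```shell
#!/bin/sh
# Added example: silent verification wrapper for a caller that only
# inspects the exit status. Exit-code scheme from the message above;
# BADSIG -> 1 and "no status line" -> 2 are assumptions of this example.

# Reads "[GNUPG:] KEYWORD args" lines on stdin; returns 0, 1 or 2.
status_to_exit() {
    good=0 failed=0
    # "|| [ -n ... ]" keeps a final line that lacks a trailing newline.
    while IFS= read -r line || [ -n "$line" ]; do
        # Patterns are anchored at the start of the line, so a keyword
        # that merely appears inside other text is ignored.
        case $line in
            "[GNUPG:] GOODSIG "*) good=1 ;;
            "[GNUPG:] BADSIG "*) failed=1 ;;
            "[GNUPG:] ERRSIG "*|"[GNUPG:] NO_PUBKEY "*) failed=1 ;;
        esac
    done
    # Fail closed: one bad or uncheckable signature outranks a good one.
    [ "$failed" -eq 1 ] && return 1
    [ "$good" -eq 1 ] && return 0
    return 2    # nothing verified at all: treat as program failure
}

# verify_quiet FILE: result only in the exit status, nothing printed.
verify_quiet() {
    # Status lines travel on fd 3 into the pipe; gpg's own stdout and
    # stderr are discarded so they cannot mix with the status stream.
    { gpg --batch --status-fd 3 --verify "$1" >/dev/null 2>&1; } 3>&1 |
        status_to_exit
}

# Constructed sample (not real gpg output): one good signature and one
# that could not be checked. status_to_exit returns 1 for it.
SAMPLE='[GNUPG:] GOODSIG 0123456789ABCDEF Constructed User
[GNUPG:] ERRSIG FEDCBA9876543210 1 2 00 0 9'
```

If `gpg` is missing or crashes before writing any status line, `verify_quiet` returns 2 rather than 0.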