using verify over stdin

Justin Karneges justin-psi@affinix.com
Mon Nov 4 23:56:01 2002


>   gpg  --enable-special-filenames --verify - '-&5' <sig 5<data
>
> With --enable-special-filenames you may - at most places - give an
> open file descriptor number prefixed with "-&" instead of a filename.
> "-" is the usual abbreviation for '-&0' or '-&1' depending on context.

Excellent.  Works good :)  I still wonder though, why is it a security risk to 
use stdin for both inputs?

I have another question now:  How can I extract the the key/user ID from a 
signature?  During a verify, GPG reports it on stderr, but maybe there is a 
way to get it to print to stdout in an easily parsable format?

-Justin