using verify over stdin

David Shaw dshaw@jabberwocky.com
Tue Nov 5 00:44:02 2002


On Mon, Nov 04, 2002 at 02:57:47PM -0800, Justin Karneges wrote:
> >   gpg  --enable-special-filenames --verify - '-&5' <sig 5<data
> >
> > With --enable-special-filenames you may - at most places - give an
> > open file descriptor number prefixed with "-&" instead of a filename.
> > "-" is the usual abbreviation for '-&0' or '-&1' depending on context.
> 
> Excellent.  Works good :)  I still wonder though, why is it a security risk to 
> use stdin for both inputs?
> 
> I have another question now:  How can I extract the the key/user ID from a 
> signature?  During a verify, GPG reports it on stderr, but maybe there is a 
> way to get it to print to stdout in an easily parsable format?

Ta da!

gpg --status-fd x

Format is given in the DETAILS file in the doc/ directory.

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson