using verify over stdin

Justin Karneges justin-psi at
Mon Nov 4 23:56:01 CET 2002

>   gpg  --enable-special-filenames --verify - '-&5' <sig 5<data
> With --enable-special-filenames you may - at most places - give an
> open file descriptor number prefixed with "-&" instead of a filename.
> "-" is the usual abbreviation for '-&0' or '-&1' depending on context.

Excellent.  Works good :)  I still wonder though, why is it a security risk to 
use stdin for both inputs?

I have another question now:  How can I extract the the key/user ID from a 
signature?  During a verify, GPG reports it on stderr, but maybe there is a 
way to get it to print to stdout in an easily parsable format?


More information about the Gnupg-devel mailing list