does gpg ever write to stdout in if a file could not be decrypted?

Werner Koch wk at gnupg.org
Mon Nov 23 11:59:20 CET 2009


On Sat, 21 Nov 2009 15:38, philcerf at googlemail.com said:

> But could it EVER happen, that gpg still printed something to stdout?

Sure, if gpg detects that the file was corrupt it might have even
written the whole plaintext out before it has the opportunity to check
the MIC (message integrity code) or the signature.  You can't avoid
that.  The exit code will not be 0 in that case.

> I mean imagine very big files... I cannot believe that gpg caches them
> until it knows whether decryption has successful or not?!

Right, it does not cache a file so that it can be used in a pipeline.

To see what really went wrong you should check the status code emitted to
the file descriptor given by --status-FD N.  Or use GPGME, which does
return a nice stat about the decryption process.  Anyway, you need to
throw away the failed decrypted text yourself.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.
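
Added example (not part of the original message, and not GnuPG or GPGME code): a Python wrapper that applies the advice above by sending the plaintext to a temporary file and keeping it only when gpg exits with 0 and its status output reports DECRYPTION_OKAY without a failure keyword. The function names and the sample status lines are constructed for illustration; the status output is requested with gpg's `--status-fd` option on descriptor 2.

```python
import os
import subprocess
import tempfile

# Status keywords that mean the plaintext already written must be discarded.
FAILURE = {"DECRYPTION_FAILED", "BADMDC"}

# Constructed sample status output (not captured from a real run).
SAMPLE_OK = "[GNUPG:] BEGIN_DECRYPTION\n[GNUPG:] DECRYPTION_OKAY\n[GNUPG:] END_DECRYPTION\n"
SAMPLE_CORRUPT = ("gpg: WARNING: encrypted message has been manipulated!\n"
                  "[GNUPG:] BEGIN_DECRYPTION\n[GNUPG:] BADMDC\n"
                  "[GNUPG:] DECRYPTION_FAILED\n[GNUPG:] END_DECRYPTION\n")


def decryption_ok(exit_code, status_text):
    """True only if gpg exited 0, said DECRYPTION_OKAY, and reported no failure."""
    keywords = set()
    for line in status_text.splitlines():
        parts = line.split()
        # Status lines look like "[GNUPG:] KEYWORD args..."; skip gpg's log lines.
        if len(parts) >= 2 and parts[0] == "[GNUPG:]":
            keywords.add(parts[1])
    return exit_code == 0 and "DECRYPTION_OKAY" in keywords and not (keywords & FAILURE)


def decrypt_to_file(ciphertext_path, dest_path, gpg="gpg"):
    """Decrypt into a temp file beside dest_path; publish it only on success."""
    dest_dir = os.path.dirname(os.path.abspath(dest_path))
    fd, tmp_path = tempfile.mkstemp(dir=dest_dir, prefix=".gpg-partial-")
    try:
        with os.fdopen(fd, "wb") as out:
            # gpg streams plaintext to stdout before it can check integrity,
            # so stdout goes to the temp file, never straight to dest_path.
            proc = subprocess.run(
                [gpg, "--batch", "--status-fd", "2", "--decrypt", ciphertext_path],
                stdout=out, stderr=subprocess.PIPE,
            )
        status = proc.stderr.decode("utf-8", "replace")
        if not decryption_ok(proc.returncode, status):
            return False
        os.replace(tmp_path, dest_path)  # atomic rename within one directory
        return True
    finally:
        # Throw away the failed (or partial) plaintext.
        if os.path.exists(tmp_path):
            os.unlink(tmp_path)
```

The same rule applies in a pipeline: the consumer of gpg's stdout must not act on the data until the exit code and status lines have been checked.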