--status-fd and stderr outputs! Huh?

Joerg Toellner toellner@oss-gmbh.de
Fri May 17 14:55:01 2002

Hello Listmembers,

I am new to the list and it's nice to be here. I'll hope not to be too
annoying for you with my problems and hopefully I can help s.o. too in the

But first I have a question hopefully not threaded too often in this list
(but even if I checked the list archive I haven't found an answer to this).

The Situation:
I use gpg 1.0.7. in an automatic, unattended environment (a single
mailserver box under suse linux) in which I programmed a little "system"
that all outgoing mails to WAN coming from the LAN to this linux-box (our
mailserver-gateway) will be automatically encrypted if a public key
for the recipient of this email is present in the pubring (using the
email-address as the uid).

There is a special mailuser on this box which is for "controlling" this
gpg-system. I.e. sending a (say) "requestmail" to this special user will
result in a reply message (automatically generated by my system) with, in
this example, say, the fingerprint of a key if so requested.

All works fine until my errorchecking comes into play. The errorsystem is
necessary as there is neither a monitor nor a keyboard at the
mailserver-gateway-box. All communication between this gpg-system and the
user goes by request- and/or answer/notification mails. If an error occurs
(say: key not present or key signature expired) a notification mail is
automatically generated and sent to the right recipient (i.e. the sender of
the requestmail) to notify him/her about the problem.

I hope it is clear enough what I mean and how it works. If you need further
information please request it.

The system is written in PERL. And after doing my own work (interpreting the
requestmail a.s.o.) I start gpg when necessary with the open3 command
capturing the stdin, stdout and stderr of gpg. I use the --status-fd option
to get the well formatted status information from gpg over the stdout from
gpg. I use --passphrase-fd as well where it is necessary to pass a
passphrase. This is done by writing to the captured stdin of gpg from my
perl script.

All works fine so far. If I, i.e., decrypt a mail I get a whole bunch of msgs.
from gpg in my perl script. All prefixed with [GNUPG: ] TAGNAME (where
tagname is one of the keywords described in the DETAILS file). I interpret
these msgs. to decide what to do further in my system. I get some msgs in
normal (non formatted) words over the stderr from gpg too (i.e. warning using
insecure memory or whatever).

BUT if I, i.e., want to extract a public key from the pubring in armor mode
(to send it to a buddy, i.e.) and the key isn't present (i.e. for a spelling
error in my uid) there is NO, NOTHING, NADA at the status-fd. I got the msgs
on stderr that say: Warning key not found or so. But the well formatted
msgs on status-fd are missing.

I always thought that the status-fd is the only thing (and the recommended
one) where I have to put my "ear" on and I'll be informed about every little
thing gpg does and has done. But this seems not to be, as some errors were
reported on the status-fd and others not, but only at stderr. And this
although there is a special Errortag for status-fd output for missing key

My Question
Do I do sth. wrong or is it a bug or a feature that I haven't understood? :-)
It will be a real pain if I were forced to interpret the normal word output
(more human readable) on stderr too, instead of using the well formatted and
easy to interpret information on status-fd.

Any hint appreciated. URLs where I can get information, example
source-code-snippets, hints, explanations, money for this good question
:-)))) Ok I'll stop now.

Thanks a lot in advance.

Joerg Toellner
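
An added example, not part of the original post and not GnuPG's own code: one way an unattended wrapper can still reach a verdict when the status-fd stays silent, by checking status keywords first, then the exit code, then whether the expected output was produced at all. It is written in Python rather than the Perl of the system described; the function names, the chosen keyword subset and the sample captures are assumptions constructed for illustration, and status lines are assumed to reach the caller separately from stdout data.

```python
from typing import NamedTuple

STATUS_PREFIX = "[GNUPG:] "   # prefix of every status-fd line
# Status keywords treated as failures here (a subset chosen for this example).
FAILURE_KEYWORDS = {"BADSIG", "BAD_PASSPHRASE", "DECRYPTION_FAILED",
                    "INV_RECP", "NODATA", "NO_PUBKEY", "NO_SECKEY"}

class Verdict(NamedTuple):
    ok: bool
    source: str   # which check decided: "status", "exit", "output" or "none"
    detail: str   # text suitable for the notification mail

def parse_status(text):
    """Return [(keyword, [args])] for each status line; other lines are skipped."""
    events = []
    for line in text.splitlines():
        if line.startswith(STATUS_PREFIX):
            fields = line[len(STATUS_PREFIX):].split()
            if fields:
                events.append((fields[0], fields[1:]))
    return events

def first_diagnostic(stderr_text):
    """First non-empty stderr line, used only as human-readable detail."""
    for line in stderr_text.splitlines():
        if line.strip():
            return line.strip()
    return ""

def classify(exit_code, status_text, stderr_text, stdout_data=b"", expect_output=False):
    """Decide success from status keywords, then exit code, then output presence."""
    for keyword, args in parse_status(status_text):
        if keyword in FAILURE_KEYWORDS:
            return Verdict(False, "status", " ".join([keyword] + args))
    if exit_code != 0:
        detail = first_diagnostic(stderr_text) or "no diagnostic"
        return Verdict(False, "exit", f"gpg exited {exit_code}: {detail}")
    if expect_output and not stdout_data.strip():
        # The silent case: exit 0, nothing on status-fd, nothing produced.
        return Verdict(False, "output", first_diagnostic(stderr_text) or "empty output")
    return Verdict(True, "none", "")

# Constructed sample captures (not real gpg transcripts).
DECRYPT_FAIL = ("[GNUPG:] ENC_TO 0123456789ABCDEF 16 0\n"
                "[GNUPG:] NO_SECKEY 0123456789ABCDEF\n[GNUPG:] DECRYPTION_FAILED\n")
EXPORT_STDERR = "gpg: WARNING: nothing exported\n"

if __name__ == "__main__":
    print(classify(2, DECRYPT_FAIL, "gpg: decryption failed\n"))
    print(classify(0, "", EXPORT_STDERR, b"", expect_output=True))
```

The stderr text is never parsed for meaning here; it is only carried along as detail for the notification mail, so the decision itself does not depend on the wording of human-readable messages.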