Decrypting/Verifying

David Shaw dshaw@jabberwocky.com
Wed Oct 16 14:43:02 2002


On Wed, Oct 16, 2002 at 06:50:10AM -0500, Scott_Carpenter@cargill.com wrote:
> Hello Gnupg Users List!
> 
> I just signed up on this list and am a relative novice with GnuPG, so 
> please be kind :-)
> 
> I checked the FAQ, man page, and handbook, but haven't seen an answer 
> to my question:
> 
> For a signed and encrypted document, I understand that the --decrypt 
> command will decrypt the message and verify the signature all in one 
> operation, but how can I tell in an automated environment that a 
> signature was attached?
> 
> I'm thinking of a scenario where a trading partner is sending us signed 
> and encrypted documents.  When I run the decrypt operation I can see 
> that the signature is verified from the stderr stream, but in batch 
> mode the only way I know that everything is ok is that an exit code of 
> 0 is returned.

In an automated environment, the best thing to do is use the
--status-fd feature and look at the data sent to that fd.  For
example,

gpg --status-fd 1 --output (whatever) --decrypt (whatever)

On FD 1, you will get status messages giving the exact results from
that encrypted message, including "GOODSIG".  See the doc/DETAILS file
for more info.  There are ways to specify pretty much every signature
case, from no signature at all, to an expired signature, to a
signature made by an expired key, etc.

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson