Wed Oct 16 15:36:01 2002

Thanks, David.  That looks like it should work just fine.

Do you think it's a safe assumption that the string GOODSIG will only 
appear if there was in fact a signature?

And, is there any reason you can think of not to use --status-fd for 
every GPG operation?  It seems like it would be a good thing to have in 
case there are errors, to provide further troubleshooting information.


-----Original Message-----
From: []
Sent: Wednesday, October 16, 2002 7:44 AM
Subject: Re: Decrypting/Verifying

On Wed, Oct 16, 2002 at 06:50:10AM -0500, 
> Hello Gnupg Users List!
> I just signed up on this list and am a relative novice with GnuPG, so 
> please be kind :-)
> I checked the FAQ, man page, and handbook, but haven't seen an answer 
> to my question:
> For a signed and encrypted document, I understand that the --decrypt 
> command will decrypt the message and verify the signature all in one 
> operation, but how can I tell in an automated environment that a 
> signature was attached?
> I'm thinking of a scenario where a trading partner is sending us 
> and encrypted documents.  When I run the decrypt operation I can see 
> that the signature is verified from the stderr stream, but in batch 
> mode the only way I know that everything is ok is that an exit code 
> 0 is returned.

In an automated environment, the best thing to do is use the
--status-fd feature and look at the data sent to that fd.  For

gpg --status-fd 1 --output (whatever) --decrypt (whatever)

On FD 1, you will get status messages giving the exact results from
that encrypted message, including "GOODSIG".  See the doc/DETAILS file
for more info.  There are ways to specify pretty much every signature
case, from no signature at all, to an expired signature, to a
signature made by an expired key, etc.


   David Shaw  |  |  WWW
   "There are two major products that come out of Berkeley: LSD and 
      We don't believe this to be a coincidence." - Jeremy S. Anderson

Gnupg-users mailing list
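
Added example (not part of either message above, and not GnuPG project code): one way to act on the status lines the reply describes, matching keywords only on lines that carry the `[GNUPG:]` prefix instead of searching for the string GOODSIG. It assumes the --status-fd stream was captured on its own, apart from the decrypted output; the key id, fingerprint, address and sample status streams are constructed, and the function names are hypothetical.

```python
# Added example: classify GnuPG --status-fd output from one --decrypt run.
PREFIX = "[GNUPG:] "
# Status keywords (see doc/DETAILS) for signatures that must not be trusted.
SIG_PROBLEMS = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}

def parse_status(text):
    """Return (keyword, args) pairs, ignoring lines without the status prefix."""
    events = []
    for line in text.splitlines():
        if line.startswith(PREFIX):
            fields = line[len(PREFIX):].split()
            if fields:
                events.append((fields[0], fields[1:]))
    return events

def classify(text, expected_fpr=None):
    """Map one decrypt run to: decrypt-failed, signature-problem, unsigned,
    unexpected-signer or ok. expected_fpr is the partner's key fingerprint."""
    events = parse_status(text)
    keywords = {k for k, _ in events}
    if "DECRYPTION_OKAY" not in keywords:
        return "decrypt-failed"
    if keywords & SIG_PROBLEMS:
        return "signature-problem"
    # VALIDSIG carries the signing key's full fingerprint as its first field.
    fprs = [a[0] for k, a in events if k == "VALIDSIG" and a]
    if "GOODSIG" not in keywords or not fprs:
        return "unsigned"  # decrypted fine, but nothing was signed
    if expected_fpr and expected_fpr.upper() not in fprs:
        return "unexpected-signer"
    return "ok"

# Constructed sample status streams (key id and fingerprint are made up).
FPR = "0123456789ABCDEF0123456789ABCDEF01234567"
SIGNED = "\n".join([
    "[GNUPG:] ENC_TO 1111222233334444 16 0",
    "[GNUPG:] BEGIN_DECRYPTION",
    "[GNUPG:] GOODSIG 89ABCDEF01234567 Trading Partner <partner@example.com>",
    "[GNUPG:] VALIDSIG " + FPR + " 2002-10-16 1034782561",
    "[GNUPG:] DECRYPTION_OKAY",
    "[GNUPG:] END_DECRYPTION",
])
UNSIGNED = "\n".join(l for l in SIGNED.splitlines() if "SIG " not in l)
EXPIRED = SIGNED.replace("GOODSIG", "EXPKEYSIG")
# A line that merely mentions GOODSIG lacks the prefix and is ignored.
BODY_MENTION = UNSIGNED + "\nGOODSIG 89ABCDEF01234567 not a status line"
```

In a batch job, treat anything other than "ok" as a reason to hold the file for review, in addition to checking the gpg exit code.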