Decrypting/Verifying

Scott_Carpenter@cargill.com
Wed Oct 16 15:36:01 2002


Thanks, David.  That looks like it should work just fine.

Do you think it's a safe assumption that the string GOODSIG will only 
appear if there was in fact a signature?

And, is there any reason you can think of not to use --status-fd for 
every GPG operation?  It seems like it would be a good thing to have in 
case there are errors, to provide further troubleshooting information.

Scott

-----Original Message-----
From: dshaw@jabberwocky.com [mailto:dshaw@jabberwocky.com]
Sent: Wednesday, October 16, 2002 7:44 AM
To: gnupg-users@gnupg.org
Subject: Re: Decrypting/Verifying


On Wed, Oct 16, 2002 at 06:50:10AM -0500, Scott_Carpenter@cargill.com 
wrote:
> Hello Gnupg Users List!
> 
> I just signed up on this list and am a relative novice with GnuPG, so 
> please be kind :-)
> 
> I checked the FAQ, man page, and handbook, but haven't seen an answer 
> to my question:
> 
> For a signed and encrypted document, I understand that the --decrypt 
> command will decrypt the message and verify the signature all in one 
> operation, but how can I tell in an automated environment that a 
> signature was attached?
> 
> I'm thinking of a scenario where a trading partner is sending us
> signed and encrypted documents.  When I run the decrypt operation I can
> see that the signature is verified from the stderr stream, but in batch
> mode the only way I know that everything is ok is that an exit code of
> 0 is returned.

In an automated environment, the best thing to do is use the
--status-fd feature and look at the data sent to that fd.  For
example,

gpg --status-fd 1 --output (whatever) --decrypt (whatever)

On FD 1, you will get status messages giving the exact results from
that encrypted message, including "GOODSIG".  See the doc/DETAILS file
for more info.  There are ways to specify pretty much every signature
case, from no signature at all, to an expired signature, to a
signature made by an expired key, etc.

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson
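
Added example (not part of the original thread, and not GnuPG's own code): one way to parse the --status-fd output discussed above so that a batch job accepts a file only when decryption succeeded and a GOODSIG status line from the expected key is present. The function names, the sample status lines and the key ID 0123456789ABCDEF are constructed for illustration; the status keywords are those documented in doc/DETAILS.

```python
import subprocess

PREFIX = "[GNUPG:] "
# Signature result keywords from GnuPG's doc/DETAILS.
SIG_KEYWORDS = {"GOODSIG", "BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}

def classify(status_text):
    """Return (decrypted, sigs); sigs holds one (keyword, key_id) per signature.

    An empty sigs list means gpg reported no signature at all.
    """
    decrypted, sigs = False, []
    for line in status_text.splitlines():
        if not line.startswith(PREFIX):
            continue  # ignore anything that is not a status line
        fields = line[len(PREFIX):].split(" ")
        # Only the first token is the keyword; later fields (user ID) are
        # signer-controlled text and must never be searched for keywords.
        if fields[0] == "DECRYPTION_OKAY":
            decrypted = True
        elif fields[0] in SIG_KEYWORDS:
            sigs.append((fields[0], fields[1] if len(fields) > 1 else ""))
    return decrypted, sigs

def accept(status_text, expected_key_id):
    """True only for a decrypted message with exactly one GOODSIG from the expected key."""
    decrypted, sigs = classify(status_text)
    return decrypted and sigs == [("GOODSIG", expected_key_id)]

def decrypt_and_check(infile, outfile, expected_key_id):
    """Run the command from the post in batch mode and judge its status output."""
    proc = subprocess.run(
        ["gpg", "--batch", "--status-fd", "1", "--output", outfile, "--decrypt", infile],
        stdout=subprocess.PIPE, text=True, errors="replace")
    return proc.returncode == 0 and accept(proc.stdout, expected_key_id)

# Constructed sample status output (not captured from a real run).
KEY = "0123456789ABCDEF"  # hypothetical key ID of the trading partner
SIGNED = ("[GNUPG:] BEGIN_DECRYPTION\n"
          "[GNUPG:] GOODSIG " + KEY + " Partner <partner@example.org>\n"
          "[GNUPG:] DECRYPTION_OKAY\n[GNUPG:] END_DECRYPTION\n")
UNSIGNED = "[GNUPG:] BEGIN_DECRYPTION\n[GNUPG:] DECRYPTION_OKAY\n[GNUPG:] END_DECRYPTION\n"
# A bad signature whose user ID happens to contain the text GOODSIG.
ODD_UID = ("[GNUPG:] BADSIG " + KEY + " GOODSIG Partner <partner@example.org>\n"
           "[GNUPG:] DECRYPTION_OKAY\n")
```

A plain substring search for GOODSIG would match the ODD_UID sample; parsing by keyword position reports it as BADSIG and rejects it.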
