No [GNUPG:] tag when 'not a detached signature' error

Thomas Arend Thomas.Arend@t-online.de
Mon Jan 6 19:46:02 2003



On Monday, 6 January 2003 11:32, Xavier Nodet wrote:
> Hi,
>
> I noticed, using GnuPG 1.2.1, that when there is an error because
> a signature should have been detached, there is never a corresponding
> message beginning with "[GNUPG:] ", although I use --status-fd.
>
> I got this problem when trying to verify the signature of an ill-formed
> PGP-MIME message, and parsing only the "[GNUPG:] " lines.
>
> Here are steps to reproduce this problem.
>
> C:\tmp>echo clear-text > message.txt
> C:\tmp>gpg -a --sign message.txt
> You need a passphrase to unlock the secret key
> ...
> C:\tmp>gpg --status-fd=2 --command-fd 0 --verify message.asc message.txt
> gpg: not a detached signature
> C:\tmp>
>
> I feel there should also be an output line like:
>
> [GNUPG:] ERRSIG ...
>
> Did I miss something?

Hi,

there is a difference between "--sign" and "--detach-sign". gpg assumes a
detach-sign when it gets more than one file as an argument where the first
file is the signature.

You have built a normal sign. There are two ways to circumvent this problem.

A. Create a detach-sign with gpg --detach-sign message.txt
or
B. gpg --verify  --verify message.asc <message.txt

The case B works with normal and detached signs (surprise, surprise).
According to "verify.c" gpg assumes a detached sign but later in the text it
says it assumes a normal sign.

Best regards

Thomas

from verify.c


    /* decide whether we should handle a detached or a normal signature,
     * which is needed so that the code later can hash the correct data and
     * not have a normal signature act as detached signature and ignoring the
     * intended signed material from the 2nd file or stdin.
     * 1. gpg <file        - normal
     * 2. gpg file         - normal (or detached)
     * 3. gpg file <file2  - detached
     * 4. gpg file file2   - detached
     * The question is how to decide between case 2 and 3?  The only way
     * we can do it is by reading one byte from stdin and then unget
     * it; the problem here is that we may be reading from the
     * terminal (which could be detected using isatty() but won't work
     * when under control of a pty using program (e.g. expect)) and
     * might get us in trouble when stdin is used for another purpose
     * (--passphrase-fd 0).  So we have to break with the behaviour
     * prior to gpg 1.0.4 by assuming that case 3 is a normal
     * signature (where file2 is ignored) and require for a detached
     * signature to indicate signed material comes from stdin by using
     * case 4 with a file2 of "-".
     *
     * Actually we don't have to change anything here but can handle
     * that all quite easily in mainproc.c
     */
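The trap in Xavier's report is that "not a detached signature" goes to stderr only, so a parser that reads just the "[GNUPG:] " lines sees nothing and may mistake silence for success. The following status-line parser, an added example that is not code from this thread or from GnuPG, treats the absence of any verdict keyword as a failed verification; the keywords are those documented in GnuPG's doc/DETAILS, and the sample outputs and exit codes are constructed, not captured from a real run.

```python
import re

# Verdict keywords from GnuPG's doc/DETAILS. A run that emits none of them
# (the "not a detached signature" case from the report, which only logs to
# stderr) must be classified as "no verdict", never as success.
ACCEPT = {"GOODSIG"}
REJECT = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG", "NODATA"}
STATUS_RE = re.compile(r"^\[GNUPG:\] (?P<kw>[A-Z_]+)(?: (?P<args>.*))?$")


def parse_status_lines(text):
    """Return (keyword, args) pairs for every '[GNUPG:] ' line in the
    --status-fd output. Plain 'gpg: ...' diagnostics do not match and are
    ignored, exactly as the reporter's parser ignored them."""
    pairs = []
    for line in text.splitlines():
        m = STATUS_RE.match(line)
        if m:
            pairs.append((m.group("kw"), m.group("args") or ""))
    return pairs


def verdict(status_text, exit_code):
    """Classify one 'gpg --verify' run as 'good', 'bad' or 'no-verdict'.

    'good' needs a GOODSIG line, no rejecting keyword and exit code 0.
    Any rejecting keyword gives 'bad'. A run with no verdict keyword at
    all gives 'no-verdict', which callers must treat as a failed
    verification rather than a passed one."""
    kws = {kw for kw, _ in parse_status_lines(status_text)}
    if kws & REJECT:
        return "bad"
    if kws & ACCEPT and exit_code == 0:
        return "good"
    return "no-verdict"


# Constructed samples (not captured from a real run); the key id and user
# id are placeholders.
SAMPLE_GOOD = """\
[GNUPG:] GOODSIG 0000000000000000 Example User <user@example.invalid>
[GNUPG:] TRUST_FULLY
"""
SAMPLE_SILENT = "gpg: not a detached signature\n"   # no [GNUPG:] line at all
SAMPLE_BAD = "[GNUPG:] BADSIG 0000000000000000 Example User <user@example.invalid>\n"

if __name__ == "__main__":
    for name, text, rc in [("good", SAMPLE_GOOD, 0), ("silent", SAMPLE_SILENT, 2), ("bad", SAMPLE_BAD, 1)]:
        print(name, "->", verdict(text, rc))
```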