No [GNUPG:] tag when 'not a detached signature' error
Mon Jan 6 19:46:02 2003
On Monday, 6 January 2003 11:32, Xavier Nodet wrote:
> I noticed, using GnuPG 1.2.1, that when there is an error because
> a signature should have been detached, there is never a corresponding
> message beginning with "[GNUPG:] ", although I use --status-fd.
> I got this problem when trying to verify the signature of an ill-formed
> PGP-MIME message, and parsing only the "[GNUPG:] " lines.
> Here are steps to reproduce this problem.
> C:\tmp>echo clear-text > message.txt
> C:\tmp>gpg -a --sign message.txt
> You need a passphrase to unlock the secret key
> C:\tmp>gpg --status-fd=2 --command-fd 0 --verify message.asc message.
> gpg: not a detached signature
> I feel there should also be an output line like:
> [GNUPG:] ERRSIG ...
> Did I miss something?
There is a difference between "--sign" and "--detach-sign". gpg assumes a
detach-sign when it gets more than one file as an argument where the first
file is the signature.
You have built a normal sign. There are two ways to circumvent this problem:
A. Create a detach-sign with gpg --detach-sign message.txt
B. gpg --verify --verify message.asc <message.txt
The case B works with normal and detached signs (surprise, surprise).
Regarding "verify.c": gpg assumes a detached sign but later in the text
says it assumes a normal sign.
/* decide whether we should handle a detached or a normal signature,
 * which is needed so that the code later can hash the correct data and
 * not have a normal signature act as detached signature and ignoring the
 * intended signed material from the 2nd file or stdin.
 * 1. gpg <file - normal
 * 2. gpg file - normal (or detached)
 * 3. gpg file <file2 - detached
 * 4. gpg file file2 - detached
 * The question is how decide between case 2 and 3? The only way
 * we can do it is by reading one byte from stdin and then unget
 * it; the problem here is that we may be reading from the
 * terminal (which could be detected using isatty() but won't work
 * when under control of a pty using program (e.g. expect)) and
 * might get us in trouble when stdin is used for another purpose
 * (--passphrase-fd 0). So we have to break with the behaviour
 * prior to gpg 1.0.4 by assuming that case 3 is a normal
 * signature (where file2 is ignored and require for a detached
 * signature to indicate signed material comes from stdin by using
 * case 4 with a file2 of "-".
 * Actually we don't have to change anything here but can handle
 * that all quite easily in mainproc.c
 */
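Added example (not part of the original messages, and not GnuPG's own code): a Python consumer of --status-fd output that fails closed in the case reported above, where gpg prints only "gpg: not a detached signature" and emits no "[GNUPG:] " line. The function names, sample outputs, key ID, fingerprint and exit codes are constructed for illustration; the status keywords are GnuPG's.

```python
# Added example: fail-closed handling of gpg --status-fd output.
# Sample outputs, key ID, fingerprint and exit codes below are constructed.
STATUS_PREFIX = "[GNUPG:] "
# Status keywords that mean a signature was processed and rejected.
REJECTED = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}

def parse_status(output):
    """Return (keyword, args) for each "[GNUPG:] " line, ignoring "gpg: ..." text."""
    records = []
    for line in output.splitlines():
        if line.startswith(STATUS_PREFIX):
            fields = line[len(STATUS_PREFIX):].split()
            if fields:
                records.append((fields[0], fields[1:]))
    return records

def verdict(output, exit_code, expected_fpr):
    """Accept only exit code 0 plus exactly one VALIDSIG from the expected key."""
    records = parse_status(output)
    if not records:
        # The case from this thread: gpg stopped before emitting any status.
        return (False, "no status lines")
    rejected = sorted(REJECTED.intersection(k for k, _ in records))
    if rejected:
        return (False, "rejected: " + ",".join(rejected))
    if exit_code != 0:
        return (False, "gpg exit code %d" % exit_code)
    fprs = [args[0] for k, args in records if k == "VALIDSIG" and args]
    if fprs != [expected_fpr]:
        return (False, "no single VALIDSIG from expected key")
    return (True, "valid signature from " + expected_fpr)

FPR = "0123456789ABCDEF0123456789ABCDEF01234567"  # constructed fingerprint
GOOD = (
    "gpg: Good signature from \"Example Signer <signer@example.org>\"\n"
    "[GNUPG:] GOODSIG 89ABCDEF01234567 Example Signer <signer@example.org>\n"
    "[GNUPG:] VALIDSIG " + FPR + " 2003-01-06 1041878762\n"
)
NOT_DETACHED = "gpg: not a detached signature\n"  # message quoted in the thread
BAD = "[GNUPG:] BADSIG 89ABCDEF01234567 Example Signer <signer@example.org>\n"

if __name__ == "__main__":
    for name, out, rc in (("good", GOOD, 0), ("not-detached", NOT_DETACHED, 2),
                          ("bad", BAD, 1)):
        print(name, verdict(out, rc, FPR))
```

The absence of any status line is treated as a verification failure in its own right, so a caller that reads only the "[GNUPG:] " lines never mistakes silence for success.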