Problems using decrypt in unattended environment

Holger Sesterhenn
Tue Jul 8 13:48:03 2003


gpg 1.2.2, compiled statically using gcc 3.2, linux.

I would like to decrypt and verify PGP/INLINE messages automatically.
I have all private and public keys in my keyrings.

For the last 2 months

gpg --batch --no-tty --status-fd 2 --output "dest-file" \
	--decrypt "source-file"

did a great job. Until yesterday!

I received a mail with a simple encrypted message (BEGIN PGP MESSAGE) but
something was different with the signature. The working gnupg process was
killed by my watchdog process after half an hour working (on a 2900 bytes
mail!!!!). Trying to find out what went wrong (calling without --no-tty
--batch ) I was surprised that gnupg detected a detached signature and
asked for a file name:

Detached signature.
Please enter name of data file:

This was no multipart mail! I then processed the mail again without trying
to decrypt and used enigmail. Enigmail processed the mail correctly but
with an error message "bad signature".

OK, what is different between my call and enigmail? Enigmail seems to pipe
the mail data to stdin because when I use '-d < source-file' no question
for the data file was emitted and I got the same error message.

What can I do if I want to omit the question for the data file and don't
want to use piping? Is there any option for this?

Who can explain this detached thing more precisely?

The sender uses Outlook and a plugin called "CryptoEx" to create this message.

On the other hand it's a little bit strange that gnupg is waiting for
manual input if someone uses '--batch --no-tty' ...

Best Regards,

Holger Sesterhenn
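
Added example, not part of the original post and not GnuPG project code: a Python wrapper for the unattended call described above. It passes the message on stdin (the variant the post reports did not prompt for a data file), applies a hard timeout, and reduces the --status-fd lines to a verdict. The function names, the 60-second default and the sample status text are assumptions constructed for illustration; the status keywords are those documented in GnuPG's doc/DETAILS.

```python
import subprocess

# Status keywords from GnuPG's doc/DETAILS, ranked so that a worse
# signature result is never overwritten by a better one.
SIG_RANK = {"none": 0, "good": 1, "error": 2, "bad": 3}
SIG_KEYWORDS = {"GOODSIG": "good", "ERRSIG": "error", "BADSIG": "bad"}

def parse_status(text):
    """Reduce --status-fd output (possibly mixed with stderr) to a verdict."""
    verdict = {"decrypted": False, "signature": "none", "key_id": None}
    for line in text.splitlines():
        if not line.startswith("[GNUPG:] "):
            continue                      # ordinary stderr diagnostics
        fields = line.split()
        if len(fields) < 2:
            continue
        keyword, args = fields[1], fields[2:]
        if keyword == "DECRYPTION_OKAY":
            verdict["decrypted"] = True
        elif keyword in SIG_KEYWORDS:
            state = SIG_KEYWORDS[keyword]
            if SIG_RANK[state] > SIG_RANK[verdict["signature"]]:
                verdict["signature"] = state
                verdict["key_id"] = args[0] if args else None
    return verdict

def decrypt_unattended(source, dest, timeout=60):
    """Run the post's gpg options with the message on stdin and a timeout."""
    cmd = ["gpg", "--batch", "--no-tty", "--status-fd", "2",
           "--output", dest, "--decrypt"]
    try:
        with open(source, "rb") as msg:
            # subprocess.run kills gpg itself if the timeout expires.
            proc = subprocess.run(cmd, stdin=msg, stderr=subprocess.PIPE,
                                  timeout=timeout)
    except subprocess.TimeoutExpired:
        return {"decrypted": False, "signature": "none", "key_id": None,
                "timed_out": True}
    verdict = parse_status(proc.stderr.decode("utf-8", "replace"))
    verdict.update(timed_out=False, exit_code=proc.returncode)
    return verdict

# Constructed sample of mixed stderr/status output (not a real capture).
SAMPLE_STATUS = """\
gpg: constructed diagnostic line, ignored by the parser
[GNUPG:] DECRYPTION_OKAY
[GNUPG:] BADSIG 0000000000000000 Constructed Sender <sender@example.org>
"""
```

A caller should treat timed_out, a false decrypted flag, or any signature state other than "good" as a failed message rather than relying on the exit code alone.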