Positive Verification?

Kevin Calman codex24 at gmail.com
Mon Jun 20 22:22:55 CEST 2005

Please forgive if this has been asked and answered before, I have just
suscribed and can't figure out how to search the archives....
  I am using GPG 1.4.0 under cygwin on Windows XP/P SP2. I am making
up a process for encrypted archiving, where the same user will create
signed and encrypted content, and potentially verify and decrypt this
content after retrival from off-site media. I need to confirm that the
file received was authentically produced by the same user. The files
are large binary archives.
  I have public and private keys for the generic identity, "user" and
I create the file thusly:
> gpg -u user -r user -r my-identity -o file.tar.gpg -se file.tar
When I verify the file, there is no prompt for secret key passphrase,
I get no useful output, and the command always succeeds (i.e., always
a 0 return code). I verfy as follows:
> gpg --verify-files file.tar.gpg
If I actually decrypt the file, I do a passphrase prompt, I get useful
output which identifies which identity is decrypting the file.
Shouldn't verify-files do the same thing?
  Assuming I have multiple private keys, and a file is encrypted to
mulitple recipients, how do I selecting which identity to use to
verify and/or decrypt the file?
  Thanks for any info you can provide.
Opinions herein are exclusively my own, unless you share them.
Kevin Calman, codex24 at gmail dot com, Austin, TX, US

More information about the Gnupg-users mailing list