How to verify the file was successfully encrypted...

Benny Helms benny at egovmt.com
Thu Jul 13 00:23:45 CEST 2006


On Wed, 2006-07-12 at 15:13 -0400, Jeffrey F. Bloss wrote:
> Benny Helms wrote:
> 
> <snippage>

> Don't know if this will help or not, but I just did a quick test with
> GnuPG 1.4.4 and the --dry-run command line switch seems to work fine.
> Outputs to stdout rather than writing a file to disk.  I changed a
> single bit in an encrypted (armored) file and tried it, and got a "CRC
> error" without entering any pass phrase at all. 
> 
> That's with -vv set in my options file, FWIW. And bleeding edge
> hash/cypher algorithms.
> 
> Additionally, you can enter a pass phrase on the command line with the
> --passphrase switch. I tested it with both known good and known bad
> encrypted files, and if you enter a bogus/incorrect pass phrase for a
> known good file you get a "bad passphrase" error. With a known bad
> encrypted file you get the same "CRC error". Neither one requires any
> user input, which is what you want.
> 
> IOW, if you...
> 
>  gpg -d --dry-run --passphrase boguspassphrase bad-file.asc 
> 
> You get the "CRC error", but if you...
> 
>  gpg -d --dry-run --passphrase boguspassphrase good-file.asc
> 
> You get the "bad passphrase".
> 
> The down side is, both are exit code '2', so you'd have to grep for the
> "verbal" response to tell the difference. But that's not a major hurdle
> and it should be trivial to "if $?" grep return codes into something
> useful.
> 
> The other down side is this doesn't explicitly tell you if you have a
> *good* encrypted file, it only picks out a couple errors. To do that
> you'd have to either be sitting there entering pass phrases, or include
> them in your script. Probably not where you'd want to go with this. :(

Thanks Jeffrey.  Excellent suggestion.  This worked well with a .asc
file, but not with a .gpg file.  Does anyone on the list have a
preference for .asc vs .gpg output?  Pros?  Cons?  The size is almost
twice as big as a .gpg at this time, which is a definite con.  But there
are probably some serious pros as well.  Input?

Benny



