How to verify the file was successfully encrypted...
Benny Helms
benny at egovmt.com
Thu Jul 13 00:23:45 CEST 2006
On Wed, 2006-07-12 at 15:13 -0400, Jeffrey F. Bloss wrote:
> Benny Helms wrote:
>
> <snippage>
> Don't know if this will help or not, but I just did a quick test with
> GnuPG 1.4.4 and the --dry-run command line switch seems to work fine.
> Outputs to stdout rather than writing a file to disk. I changed a
> single bit in an encrypted (armored) file and tried it, and got a "CRC
> error" without entering any pass phrase at all.
>
> That's with -vv set in my options file, FWIW. And bleeding edge
> hash/cypher algorithms.
>
> Additionally, you can enter a pass phrase on the command line with the
> --passphrase switch. I tested it with both known good and known bad
> encrypted files, and if you enter a bogus/incorrect pass phrase for a
> known good file you get a "bad passphrase" error. With a known bad
> encrypted file you get the same "CRC error". Neither one requires any
> user input, which is what you want.
>
> IOW, if you...
>
> gpg -d --dry-run --passphrase boguspassphrase bad-file.asc
>
> You get the "CRC error", but if you...
>
> gpg -d --dry-run --passphrase boguspassphrase good-file.asc
>
> You get the "bad passphrase".
>
> The down side is, both are exit code '2', so you'd have to grep for the
> "verbal" response to tell the difference. But that's not a major hurdle
> and it should be trivial to "if $?" grep return codes into something
> useful.
>
> The other down side is this doesn't explicitly tell you if you have a
> *good* encrypted file, it only picks out a couple errors. To do that
> you'd have to either be sitting there entering pass phrases, or include
> them in your script. Probably not where you'd want to go with this. :(

Thanks Jeffrey. Excellent suggestion. This worked well with a .asc
file, but not with a .gpg file. Does anyone on the list have a
preference for .asc vs .gpg output? Pros? Cons? The size is almost
twice as big as a .gpg at this time, which is a definite con. But there
are probably some serious pros as well. Input?

Benny