How to verify the file was successfully encrypted...

Alphax alphasigmax at gmail.com
Thu Jul 13 07:31:31 CEST 2006


Benny Helms wrote:
> On Wed, 2006-07-12 at 15:13 -0400, Jeffrey F. Bloss wrote:
>> Benny Helms wrote:
>>
>> <snippage>
> 
>> Don't know if this will help or not, but I just did a quick test with
>> GnuPG 1.4.4 and the --dry-run command line switch seems to work fine.
>> Outputs to stdout rather than writing a file to disk.  I changed a
>> single bit in an encrypted (armored) file and tried it, and got a "CRC
>> error" without entering any pass phrase at all. 
>>
>> That's with -vv set in my options file, FWIW. And bleeding edge
>> hash/cypher algorithms.
>>
>> Additionally, you can enter a pass phrase on the command line with the
>> --passphrase switch. I tested it with both known good and known bad
>> encrypted files, and if you enter a bogus/incorrect pass phrase for a
>> known good file you get a "bad passphrase" error. With a known bad
>> encrypted file you get the same "CRC error". Neither one requires any
>> user input, which is what you want.
>>
>> IOW, if you...
>>
>>  gpg -d --dry-run --passphrase boguspassphrase bad-file.asc 
>>
>> You get the "CRC error", but if you...
>>
>>  gpg -d --dry-run --passphrase boguspassphrase good-file.asc
>>
>> You get the "bad passphrase".
>>
>> The down side is, both are exit code '2', so you'd have to grep for the
>> "verbal" response to tell the difference. But that's not a major hurdle
>> and it should be trivial to "if $?" grep return codes into something
>> useful.
>>
>> The other down side is this doesn't explicitly tell you if you have a
>> *good* encrypted file, it only picks out a couple errors. To do that
>> you'd have to either be sitting there entering pass phrases, or include
>> them in your script. Probably not where you'd want to go with this. :(
> 
> Thanks Jeffrey.  Excellent suggestion.  This worked well with a .asc
> file, but not with a .gpg file.  Does anyone on the list have a
> preference for .asc vs .gpg output?  Pros?  Cons?  The size is almost
> twice as big as a .gpg at this time, which is a definite con.  But there
> are probably some serious pros as well.  Input?
> 

.asc files are immune to mangling of CR/LF characters which may be
present in binary data, which often happens when you transfer via email
or FTP.

-- 
                Alphax
        Death to all fanatics!
  Down with categorical imperative!
OpenPGP key: http://tinyurl.com/lvq4g
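
Added example, not part of the original messages: ASCII armor ends with a CRC-24 checksum line (RFC 4880, section 6.1) that can be checked without any key or pass phrase, which is consistent with the "CRC error" reported above for a single changed bit, while binary .gpg output has no armor layer. The sketch below checks that line on a constructed sample and shows that rewriting LF to CRLF leaves it valid; the function names crc24, armor and check_armor are chosen here and are not GnuPG's.

```python
import base64

CRC24_INIT, CRC24_POLY = 0xB704CE, 0x1864CFB  # RFC 4880, section 6.1

def crc24(data: bytes) -> int:
    """CRC-24 used for the '=XXXX' checksum line of OpenPGP ASCII armor."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF

def armor(payload: bytes) -> str:
    """Demo helper: wrap bytes in armor with a correct checksum line."""
    b64 = base64.b64encode(payload).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    check = base64.b64encode(crc24(payload).to_bytes(3, "big")).decode()
    return ("-----BEGIN PGP MESSAGE-----\n\n" + body + "\n=" + check
            + "\n-----END PGP MESSAGE-----\n")

def check_armor(text: str) -> str:
    """Return 'ok', 'crc error' or 'malformed' for one armored block."""
    lines = [ln.strip() for ln in text.splitlines()]  # CR/LF style is irrelevant
    try:
        start = next(i for i, ln in enumerate(lines) if ln.startswith("-----BEGIN PGP "))
        end = next(i for i, ln in enumerate(lines) if ln.startswith("-----END PGP "))
        blank = lines.index("", start)  # blank line ends the armor headers
    except (StopIteration, ValueError):
        return "malformed"
    body = [ln for ln in lines[blank + 1:end] if ln]
    if not body or not (body[-1].startswith("=") and len(body[-1]) == 5):
        return "malformed"
    try:
        data = base64.b64decode("".join(body[:-1]), validate=True)
        stored = int.from_bytes(base64.b64decode(body[-1][1:], validate=True), "big")
    except ValueError:
        return "malformed"
    return "ok" if crc24(data) == stored else "crc error"

# Constructed sample: arbitrary bytes (including 0x0D/0x0A), not a real OpenPGP message.
GOOD = armor(bytes(range(256)) * 2)
CRLF = GOOD.replace("\n", "\r\n")            # line endings rewritten in transit
pos = GOOD.index("\n\n") + 2                 # first base64 character of the body
FLIPPED = GOOD[:pos] + "B" + GOOD[pos + 1:]  # 'A' -> 'B' flips one payload bit
if __name__ == "__main__":
    print([check_armor(t) for t in (GOOD, CRLF, FLIPPED)])
```

A passing checksum only shows that the armored bytes arrived unchanged; it does not show that the message decrypts.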
