How to verify the file was successfully encrypted...

George Ross gdmr at
Fri Jul 14 16:56:51 CEST 2006

> > How about if you append a hash of the file to the file, and encrypt that 
> > too?  Then have the remote machine do the trial decrypt-and-check-hash.  If 
> > all is OK the remote machine can then tell the local one to delete the 
> > original; and if it's not OK, it can scream at you.
> Better than that, if you get GPG to sign the file when it encrypts it
> (using a passwordless key/subkey) and/or use the MDC option, you'll be
> able to do this more reliably...

Wasn't the original poster looking for something which didn't require 
trusting one particular piece of software?  If they're happy to go with 
gpg, or to use two different PGP implementations at the two ends, then 
sign+encrypt would indeed appear to cover it.

(Of course, it's not quite true signing, in the sense that it's only there 
as a check against corruption, and the signing key will be visible on the 
source machine.)
Dr George D M Ross, School of Informatics, University of Edinburgh
    Kings Buildings, Mayfield Road, Edinburgh, Scotland, EH9 3JZ
Mail: gdmr at   Voice: +44 131 650 5147   Fax: +44 131 667 7209
 PGP: 1024D/AD758CC5  B91E D430 1E0D 5883 EF6A  426C B676 5C2B AD75 8CC5

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 238 bytes
Desc: not available
Url : /pipermail/attachments/20060714/c61502c4/attachment-0001.pgp

More information about the Gnupg-users mailing list