Validating encrypted files

Peter Pentchev roam at ringlet.net
Sat Dec 8 01:42:56 CET 2007


On Fri, Dec 07, 2007 at 01:08:36PM -0800, Alan Olsen wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
> 
> I have encountered something that does not seem to be covered by any of
> the FAQs, manuals, or other general hints.  I figured I might find a
> couple of good hints here.
> 
> I have a number of files that I have received.  I can decrypt them or
> not.  I can check the signature or not.
> 
> What I want to do is verify that the file was encrypted and to what
> keys.  I can kludge something together by using --status-fd and grep.  I
> am hoping for something a little more user friendly and/or script
> friendly.  
[snip more need to know if a file is encrypted or signed correctly]

If you only want to check if the file is encrypted and to what key(s),
you can use --list-packets --list-only; this will list the outermost
packets in the OpenPGP message without doing any decryption.
Among the results there will probably be a packet that looks like this:

:pubkey enc packet: version 3, algo 16, keyid 921EB6497074473C
        data: [1022 bits]
        data: [1024 bits]

You can fish this line out with something like either of the following:

  sed -ne '/^:pubkey enc packet:/ { s/.* keyid //; s/ .*//; p;}'
  perl -nle '/^:pubkey enc packet:.* keyid (\S+)/ and print $1'

The catch with this approach is that it does not actually do any
decryption; the --list-only option takes care of that.  Thus, you cannot
see if the decryption will succeed, you cannot even see if the encrypted
message has been signed before the encryption - the signature packets are
within the encrypted data, --list-only will not analyze them.

If you want to analyze the message within, too, then it would seem the
logical thing that dropping --list-only would achieve some kind of goal;
however, from my limited testing it does not seem so.  A simple invocation
of "gpg --list-packets file.gpg" only shows a "compressed packet" and then
a "literal data packet" line, no signature checking in sight.  Of course,
if the "compressed packet" and "literal data packet" are present, the
decryption was *most probably* successful... but ICBW, and it is much too
late at night for me to actually check the GnuPG source to see if it is
possible for it to display a "literal data packet" and only then notice
that the decryption has failed.

G'luck,
Peter

-- 
Peter Pentchev	roam at ringlet.net    roam at cnsys.bg    roam at FreeBSD.org
PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint	FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
I am jealous of the first word in this sentence.
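The "--list-packets --list-only" approach in the reply above works because the public-key encrypted session key packets sit at the outermost level of the message, before the encrypted payload, so they can be read without a key. The following script, added here as an illustration and not part of the original thread or of GnuPG, does the same walk over the raw packet headers (RFC 4880 section 4) and pulls out the key IDs, which makes the output script-friendly without having to scrape gpg's text format. It assumes binary (unarmored) input, and the sample message at the bottom is constructed by hand; the key ID 921EB6497074473C is the one shown in the reply, and the second, all-zero key ID is the wildcard that "--throw-keyids" writes for a hidden recipient. The packet inside the encrypted data is never examined, which is exactly the limitation the reply describes.

```python
"""Walk the outermost packets of a binary OpenPGP message (RFC 4880 sec. 4)
and report which keys it was encrypted to, without doing any decryption.
Added example, not code from the original post or from GnuPG; handles only
binary (unarmored) input, and the sample message below is constructed."""
import struct

# RFC 4880 packet tags that can appear at the top level of a message.
TAG_NAMES = {
    1: "pubkey enc packet",           # public-key encrypted session key (PKESK)
    2: "signature packet",
    3: "symkey enc packet",           # passphrase-encrypted session key
    4: "onepass_sig packet",
    8: "compressed packet",
    9: "encrypted data packet",       # symmetrically encrypted, no MDC
    11: "literal data packet",
    18: "encrypted data packet (MDC)",  # SEIPD: what modern gpg writes
}


def _read_new_length(data, pos):
    """Parse a new-format length header; return (length, next_pos, is_partial)."""
    first = data[pos]
    if first < 192:
        return first, pos + 1, False
    if first < 224:
        return ((first - 192) << 8) + data[pos + 1] + 192, pos + 2, False
    if first == 255:
        return struct.unpack(">I", data[pos + 1:pos + 5])[0], pos + 5, False
    return 1 << (first & 0x1F), pos + 1, True   # partial body length chunk


def iter_packets(data):
    """Yield (tag, body) for each outermost packet; ValueError on bad input."""
    pos = 0
    while pos < len(data):
        ctb = data[pos]
        if not ctb & 0x80:
            # Armored files start with "-----BEGIN", which fails this check;
            # run them through "gpg --dearmor" first.
            raise ValueError("offset %d: not a binary OpenPGP packet header" % pos)
        pos += 1
        if ctb & 0x40:                      # new-format header
            tag = ctb & 0x3F
            body = b""
            while True:                     # loop handles partial body lengths
                length, pos, partial = _read_new_length(data, pos)
                if pos + length > len(data):
                    raise ValueError("truncated packet at offset %d" % pos)
                body += data[pos:pos + length]
                pos += length
                if not partial:
                    break
        else:                               # old-format header
            tag = (ctb >> 2) & 0x0F
            ltype = ctb & 0x03
            if ltype == 3:                  # indeterminate: runs to end of input
                length = len(data) - pos
            else:
                n = (1, 2, 4)[ltype]
                if pos + n > len(data):
                    raise ValueError("truncated length field at offset %d" % pos)
                length = int.from_bytes(data[pos:pos + n], "big")
                pos += n
            if pos + length > len(data):
                raise ValueError("truncated packet at offset %d" % pos)
            body = data[pos:pos + length]
            pos += length
        yield tag, body


def parse_pkesk(body):
    """Decode a version 3 PKESK body: version, 8-byte key ID, pubkey algorithm."""
    if len(body) < 10 or body[0] != 3:
        raise ValueError("unsupported PKESK packet")
    return {"version": body[0], "keyid": body[1:9].hex().upper(), "algo": body[9]}


def encryption_recipients(data):
    """Return (key IDs the message is encrypted to, names of outermost packets).

    An all-zero key ID is the wildcard written by --throw-keyids: the recipient
    is hidden, and only trying every secret key will tell you who it is for."""
    keyids, tags = [], []
    for tag, body in iter_packets(data):
        tags.append(TAG_NAMES.get(tag, "tag %d" % tag))
        if tag == 1:
            keyids.append(parse_pkesk(body)["keyid"])
    return keyids, tags


# Constructed sample message (not real ciphertext): two PKESK packets followed
# by a SEIPD packet whose body is filler, since we never decrypt it anyway.
SAMPLE_MESSAGE = (
    # PKESK, old-format header (tag 1, one-octet length 16): version 3,
    # key ID 921EB6497074473C, algo 16 (Elgamal), then two tiny MPIs
    bytes.fromhex("84 10 03 921EB6497074473C 10 000305 000203")
    # PKESK, new-format header, all-zero key ID = hidden recipient
    + bytes.fromhex("c1 10 03 0000000000000000 10 000305 000203")
    # SEIPD (tag 18) written as a partial-length chunk of 8 bytes plus a final
    # chunk of 4 bytes; real writers use chunks of at least 512 bytes
    + bytes.fromhex("d2 e3 0100000000000000 04 00000000")
)

if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_MESSAGE
    ids, names = encryption_recipients(blob)
    print("packets:", ", ".join(names))
    print("encrypted to:", " ".join(ids) or "(no public-key recipients)")
```

Run it with no arguments to see the constructed sample, or with a path to a binary .gpg file. A message that lists no "pubkey enc packet" may still be encrypted to a passphrase ("symkey enc packet") or not encrypted at all (a signed-only message starts with "onepass_sig packet" or "compressed packet"), which is why the packet names are returned alongside the key IDs.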