Decrypt only if signed

Gregor Zattler telegraph at gmx.net
Thu Dec 20 14:21:11 CET 2007


Hi Hardeep,
* Hardeep Singh <hs2412 at gmail.com> [17. Dez. 2007]:
> I am writing a batch script and the basic requirement is that GPG
> should only decrypt the file if it's signed by using one of the keys in
> the keyring. If it has not been signed, just encrypted, it should
> leave it encrypted and not decrypt it.

This is not possible since normally (via gpg --sign --encrypt
...) signed and encrypted files are first signed and then
encrypted in order to reveal the signature and therefore the
originator of the file only to the intended audience. Therefore
you have to encrypt the file in order to "see" the signature.

If you control the way the file is generated in the first place
you could do this in two steps: first encrypt then sign the
encrypted file.

Then you can simply check the signature of the file and proceed
depending on the outcome of the signature check.

Ciao, Gregor
-- 
 -... --- .-. . -.. ..--.. ...-.-
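
The two-step approach suggested in the reply above, seen from the receiving side, as an added example that is not part of the original post. It assumes the sender made a detached signature over the ciphertext (gpg --encrypt, then gpg --detach-sign file.gpg); the function names and file arguments are hypothetical.

```shell
#!/bin/sh
# Added example: decrypt only if the ciphertext carries a valid signature.
# Assumed sender side:  gpg --encrypt -r RECIPIENT file
#                       gpg --detach-sign file.gpg      (creates file.gpg.sig)

# Read "gpg --status-fd" lines on stdin. Succeed only if a VALIDSIG line is
# present and no status line reports a bad, unverifiable, expired or revoked
# signature. ERRSIG is what gpg emits when the signer's key is not in the keyring.
sig_status_ok() {
    good=0 bad=0
    while read -r prefix keyword _rest || [ -n "$prefix" ]; do
        [ "$prefix" = "[GNUPG:]" ] || continue
        case "$keyword" in
            VALIDSIG) good=1 ;;
            BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG) bad=1 ;;
        esac
    done
    [ "$good" -eq 1 ] && [ "$bad" -eq 0 ]
}

# decrypt_if_signed CIPHERTEXT SIGNATURE OUTPUT
# Verifies the detached signature first; the private key is only used for
# decryption once the check has passed. Otherwise the file is left untouched.
decrypt_if_signed() {
    enc=$1 sig=$2 out=$3
    if gpg --batch --status-fd 1 --verify "$sig" "$enc" 2>/dev/null | sig_status_ok
    then
        gpg --batch --output "$out" --decrypt "$enc"
    else
        echo "no valid signature on $enc; leaving it encrypted" >&2
        return 1
    fi
}

# Run only when called as: script CIPHERTEXT SIGNATURE OUTPUT
if [ "$#" -eq 3 ]; then
    decrypt_if_signed "$@"
fi
```

VALIDSIG shows that the signature verifies against a key in the keyring, which is the requirement stated in the question; it says nothing about how far that key is trusted.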


