Decrypt only if signed

Werner Koch wk at
Thu Dec 20 16:05:52 CET 2007

On Mon, 17 Dec 2007 18:43, hs2412 at said:

> I am writing a batch script and the basic requirement is that GPG
> should only decrypt the file if its signed by using one of the keys in
> the keyring. If it has not been signed, just encrypted, it should
> leave it encrypted and not decrypt it.

You need to decrypt the file before you can tell whether it is signed.
GnuPG emits enough information via --status-fd to detect if the file was
signed as well as the keyID used to sign the file.  Delete the plaintext
if it has not been signed.



Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.

More information about the Gnupg-users mailing list