GNUPG CLI endless loop when using --batch and --decrypt on detached signature file

Harakiri harakiri_23 at yahoo.com
Wed Apr 22 11:17:46 CEST 2009





--- On Tue, 4/21/09, Werner Koch <wk at gnupg.org> wrote:

> From: Werner Koch <wk at gnupg.org>
> Subject: Re: GNUPG CLI endless loop when using --batch and --decrypt on detached signature file
> To: harakiri_23 at yahoo.com
> Cc: gnupg-users at gnupg.org
> Date: Tuesday, April 21, 2009, 4:29 PM
> On Tue, 21 Apr 2009 20:29, Harakiri said:
> 
> > I'm using --batch in unattended mode but when I use
> > --decrypt on a detached signature file there is no way to
> > quit the program except control + c - what am I supposed to
> > do? status-fd does not indicate that this is a signature
> > file (not encrypted) - so I can't do anything
> 
> According to your problem description you are not using
> --batch:

I DO, please reread what I wrote - the problem exists because I USE batch!

I simply wanted to show how gnupg acts:

a) using --decrypt *without* batch on detached signature file

gpg --no-options --status-fd 2 --yes --output out.out --decrypt in.in.asc
Detached signature.
Please enter name of data file: <file>
No such file, try again or hit enter to quit.

OK, I should enter something and can quit with <enter>.

*THIS IS FINE* It's not for unattended mode, just showing I could escape as a user with tty.

b) now using --decrypt *with* batch on detached signature file

gpg --no-options --status-fd 2 --batch --yes --output out.out --decrypt in.in.asc

*THIS IS THE ISSUE* Automatic programs cannot escape this process ever.

It's an endless loop, I'm requested to enter something in stdin but neither enter nor a filename will quit this mode. Furthermore, I believe that if --decrypt and status-fd 2 recognizes a DETACHED signature it should show some kind of status or error and then QUIT, because automatic programs cannot escape this call anymore.


> ask the user for additional data (e.g. the passphrase) without getting
> into conflicts with the pipeline.  Because it is not easy to decide
> whether a tty is available or not, unattended usage requires the use of
> the --batch option.

I'm perfectly aware of --batch and piping passphrases, I'm using gnupg for unattended decryption/verification/signing/encryption.

> 
> Controlling gpg using --status-fd / --command-fd is an advanced method
> and I can't give an introduction to this right now.

You don't need to, I have been using it for at least 5 years and it works perfectly till I found this case with detached signatures and --batch --decrypt



Thanks
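
An added example, not part of the original message and not GnuPG code: a caller-side guard for the unattended case described above, which checks the ASCII-armor header before running the same --batch --decrypt command and bounds the call with a timeout. The names classify_armor and guarded_decrypt are hypothetical, and the check only sees armored input; a binary detached signature is reported as "unknown" and is covered by the timeout alone.

```python
import subprocess

# Armor header lines defined by OpenPGP (RFC 4880, section 6.2).
ARMOR_KINDS = {
    b"-----BEGIN PGP MESSAGE-----": "message",
    b"-----BEGIN PGP SIGNATURE-----": "detached-signature",
    b"-----BEGIN PGP SIGNED MESSAGE-----": "cleartext-signed",
    b"-----BEGIN PGP PUBLIC KEY BLOCK-----": "public-key",
    b"-----BEGIN PGP PRIVATE KEY BLOCK-----": "private-key",
}


def classify_armor(data: bytes) -> str:
    """Return the kind of the first ASCII-armor block found in data,
    or 'unknown' for binary input or input with no armor header line."""
    for line in data.splitlines():
        kind = ARMOR_KINDS.get(line.strip())
        if kind:
            return kind
    return "unknown"


def guarded_decrypt(path, out_path, timeout=60, gpg="gpg"):
    """Run the batch decrypt command from the post unless the input is an
    armored detached signature. Returns (state, stderr_text), where state
    is 'refused', 'timeout', 'ok' or 'failed'."""
    with open(path, "rb") as fh:
        kind = classify_armor(fh.read(65536))
    if kind == "detached-signature":
        # Nothing to decrypt: report it instead of starting gpg at all.
        return ("refused", "input is a detached signature, not encrypted data")
    cmd = [gpg, "--no-options", "--status-fd", "2", "--batch", "--yes",
           "--output", out_path, "--decrypt", path]
    try:
        # stdin is /dev/null and the timeout kills gpg if it never returns.
        proc = subprocess.run(cmd, stdin=subprocess.DEVNULL,
                              stdout=subprocess.DEVNULL,
                              stderr=subprocess.PIPE, timeout=timeout)
    except subprocess.TimeoutExpired:
        return ("timeout", "")
    state = "ok" if proc.returncode == 0 else "failed"
    return (state, proc.stderr.decode(errors="replace"))
```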


      



More information about the Gnupg-users mailing list