GNUPG CLI endless loop when using --batch and --decrypt on detached signature file
harakiri_23 at yahoo.com
Wed Apr 22 11:17:46 CEST 2009
--- On Tue, 4/21/09, Werner Koch <wk at gnupg.org> wrote:
> From: Werner Koch <wk at gnupg.org>
> Subject: Re: GNUPG CLI endless loop when using --batch and --decrypt on detached signature file
> To: harakiri_23 at yahoo.com
> Cc: gnupg-users at gnupg.org
> Date: Tuesday, April 21, 2009, 4:29 PM
> On Tue, 21 Apr 2009 20:29, Harakiri said:
> > Im using --batch in unattended mode but when i use
> --decrypt on a detached signature file there is no way to
> quit the program except control + c - what am i supposed to
> do? status-fd does not indicate that this is a signature
> file (not encrypted) - so i cant do anything
> According to your problem description you are not using
I DO, please reread what i wrote - the problem exists because i USE batch!
I simply wanted to show how gnupg acts :
a) using -decrypt *without* batch on detached signature file
gpg --no-options --status-fd 2 --yes --output out.out --decrypt in.in.asc
Please enter name of data file: <file>
No such file, try again or hit enter to quit.
OK i should enter something and can quit with <enter>.
*THIS IS FINE* Its not for unattended mode, just showing i could escape as a user with tty.
b) now using -decrypt *with* batch on detached signature file
gpg --no-options --status-fd 2 --batch --yes --output out.out --decrypt in.in.asc
*THIS IS THE ISSUE* Automatic programs cannot escape this process ever.
Its an endless loop, im requested to enter something in stdin but neither enter nor a filename will quit this modus, furthermore i believe that if --decrypt and status-fd 2 recognizes a DETACHED signatur it should show some kind of status or error and then QUIT because automatic programs cannot escape this call anymore
> ask the user for additional data (e.g. the passphrase)
> without getting
> into conflicts with the pipeline. Because it is not easy
> to decide
> whether a tty is available or not, unattended usage
> requires the use of
> the --batch option.
Im perfectly aware of --batch and piping passphrases, im using gnupg for unattended decryption/verification/signing/encryption.
> Controlling gpg using --status-fd / --command-fd is an
> advanced method
> and I can't give an introduction to this right now.
You dont need to, i have been using it since at least 5 years and it works perfectly till i found this case with detached signatures and --batch --decrypt
More information about the Gnupg-users