nested verification?

Johnicholas Hines johnicholas.hines at gmail.com
Wed Jan 5 17:38:21 CET 2011


On Wed, Jan 5, 2011 at 3:20 AM, Werner Koch <wk at gnupg.org> wrote:
> On Tue,  4 Jan 2011 22:37, johnicholas.hines at gmail.com said:
>
>> Is there a built-in way to reverse the double-dash mangling for nested
>> clearsigned messages?
>
>  gpg --verify --output inner.asc outer.asc
>
> Verifies the outer signature and writes the signed text to inner.asc
> which may then be verified as usual.

Thank you for your suggestion, I tried it with the version of gnupg
that came with Ubuntu, then again with the latest version, but I don't
seem to be getting any output.

What am I doing wrong?

johnicholas at johnicholas-desktop:~$ cat signed_test.asc
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

test test, a small message for testing
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFNI1GZ98l7Z5I2qcERAtFdAJ0Uo4kTq+EQgWsnSXGTMD81yTnFTQCfR0VH
FBZs/qlhwuLYeK7w5YB37XQ=
=PPm+
- -----END PGP SIGNATURE-----

Okay, I am confirming receipt of a small message for testing.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFNI1Nz98l7Z5I2qcERAisAAJ4i9jKyNUzEI4E+09w1OZwY/VmazgCfTLoJ
sKfy3wRWOKULVrCC10U/RXs=
=wTMl
-----END PGP SIGNATURE-----
johnicholas at johnicholas-desktop:~$ gpg --verify --output
verified_test.asc signed_test.asc
gpg: Signature made Tue 04 Jan 2011 12:05:55 PM EST using DSA key ID 9236A9C1
gpg: Good signature from "Someone Somewhere (Fake name for testing)
<someone.somewhere at fake.email.com>"
johnicholas at johnicholas-desktop:~$ cat verified_test.asc
cat: verified_test.asc: No such file or directory

I tried to see if there was a permissions problem using strace, but it
doesn't seem to be calling open or stat on the output file.

johnicholas at johnicholas-desktop:~$ strace -o gpgrun.strace gpg
--verify --output verified_test.asc signed_test.asc
gpg: Signature made Tue 04 Jan 2011 12:05:55 PM EST using DSA key ID 9236A9C1
gpg: Good signature from "Someone Somewhere (Fake name for testing)
<someone.somewhere at fake.email.com>"
johnicholas at johnicholas-desktop:~$ grep verified gpgrun.strace
execve("/usr/local/bin/gpg", ["gpg", "--verify", "--output",
"verified_test.asc", "signed_test.asc"], [/* 40 vars */]) = 0


Thank you for your help,

Johnicholas



More information about the Gnupg-users mailing list