signature verification data

Daniel Kahn Gillmor dkg at
Sun Mar 25 15:18:37 CEST 2012

On 03/25/2012 02:33 AM, auto15963931 at wrote:
> When an encrypted file sent to me is both encrypted and signed,
> when I use a command like this:
> gpg -o file-out -d file-in
> I can see the signature verification data appear as standard
> output, in the terminal, while the file-out contents are separated
> from it.  Is there a way to have the signature verification data
> appended to the file-out text message itself or possibly some other
> way of preserving this verification data and keeping them together?
> I am referring to the command line interface, but I noticed that
> GPA also keeps them separated. Thanks.

you can use the --status-fd or --status-file arguments to direct 
machine-readable signature verification messages wherever you like.

But sending it to the same file as the text is a bad idea.  Don't do it.

For example, here's me dumping the decryption to stdout so that it flows 
around the message:

0 dkg at pip:~$ gpg --status-fd 1 -d <x >x.2
gpg: Signature made Sun 25 Mar 2012 09:01:48 AM EDT
gpg:                using RSA key 0xCCD2ED94D21739E9
gpg: please do a --check-trustdb
gpg: Good signature from "Daniel Kahn Gillmor <dkg at>"
gpg:                 aka "Daniel Kahn Gillmor <dkg at>"
gpg:                 aka "[jpeg image of size 3515]"
gpg:                 aka "Daniel Kahn Gillmor <dkg at>"
0 dkg at pip:~$ cat x.2
[GNUPG:] SIG_ID chNvlYWvyBS3mjoLtZ3oEC2SQho 2012-03-25 1332680508
[GNUPG:] GOODSIG CCD2ED94D21739E9 Daniel Kahn Gillmor 
<dkg at>
[GNUPG:] NOTATION_NAME issuer-fpr at
[GNUPG:] VALIDSIG 0EE5BE979282D80B9F7540F1CCD2ED94D21739E9 2012-03-25 
1332680508 0 4 0 1 10 01 0EE5BE979282D80B9F7540F1CCD2ED94D21739E9
0 dkg at pip:~$

Here's why this is a bad idea:

Once you've stuck the verification data into the same file as the 
message, how do you tell which parts are message body ends and which are 
verification data?

You might assume that all the lines prefixed with [GNUPG:] are from the 
gnupg signature verification process; but what if the original message 
contained such lines (e.g. what if you were piping this message through 
the signature verification process)?

By combining the data you're trying to verify with the results of the 
verification, you open yourself to pretty easy exploitation from anyone 
who chooses to craft their message in a certain way.  For example, i 
could just insert lines in my message that imply a good signature from 
you, and place a well-formed (but bogus) cleartext signature around 
them.  Your verification process would emit my data into the file, 
including my fake claims of verification.  Someone scanning that file 
later will believe that you signed it.

So yes, there's a way to do what you're asking.  But you shouldn't do it.


More information about the Gnupg-users mailing list