When to use GPG flags

Eric Pruitt eric.pruitt at gmail.com
Sat Feb 20 01:09:55 CET 2016


I'm writing an email client with support for PGP encrypted and signed
messages using GPG. I've noticed that GPG seems to do the right thing in
many situations regardless of the flags used, which makes it hard to know
if I'm passing it the correct flags. For example, if I pipe a
clearsigned message into GPG using "gpg --decrypt", GPG verifies the
clearsigned signature and strips the "---BEGIN PGP...." and "---END
PGP..." blocks. I would expect GPG to raise an error because it doesn't
get any encrypted data. Is there some type of GPG "strict mode" that
will make GPG exit unsuccessfully when processing certain types of
data with flags that don't match? Ignoring buffer overflows and flaws in
the GPG code, is there any danger of remote execution by piping
arbitrary messages into "gpg" without _any_ flags at all (GPG seems to
"do the right thing" in many situations when no flags are provided at
all)?

Eric
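
Added example, not part of the original message and not GnuPG's own code: one way a client can enforce the expected mode itself is to run gpg with `--status-fd` and require the decryption status keywords before accepting the output of `--decrypt`. The function names and the sample status lines are constructed for illustration.

```python
import subprocess

# Constructed samples of gpg --status-fd output (key IDs are placeholders).
CLEARSIGNED_STATUS = """\
[GNUPG:] NEWSIG
[GNUPG:] PLAINTEXT 74 0
[GNUPG:] GOODSIG 0123456789ABCDEF Constructed User <user@example.org>
"""
ENCRYPTED_STATUS = """\
[GNUPG:] ENC_TO 0123456789ABCDEF 1 0
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_OKAY
[GNUPG:] END_DECRYPTION
"""

class GpgCheckError(Exception):
    """gpg ran, but the result is not what the caller asked for."""

def status_keywords(status_text):
    """Collect the keywords of all '[GNUPG:] KEYWORD args...' lines."""
    words = set()
    for line in status_text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "[GNUPG:]":
            words.add(parts[1])
    return words

def check_decrypt_status(status_text):
    """Raise unless decryption really happened; return True if signed OK."""
    seen = status_keywords(status_text)
    if "BEGIN_DECRYPTION" not in seen:
        raise GpgCheckError("no encrypted data in input")
    if "DECRYPTION_FAILED" in seen or "DECRYPTION_OKAY" not in seen:
        raise GpgCheckError("decryption did not succeed")
    if "BADSIG" in seen:
        raise GpgCheckError("embedded signature is bad")
    return "GOODSIG" in seen

def decrypt_strict(data, gpg="gpg"):
    """Run 'gpg --decrypt' on bytes; return (plaintext, signed_ok)."""
    # --status-fd 2 mixes status lines into stderr; the parser above
    # ignores anything that does not start with the [GNUPG:] prefix.
    proc = subprocess.run([gpg, "--batch", "--status-fd", "2", "--decrypt"],
                          input=data, capture_output=True)
    signed_ok = check_decrypt_status(proc.stderr.decode("utf-8", "replace"))
    if proc.returncode != 0:
        raise GpgCheckError("gpg exited with %d" % proc.returncode)
    return proc.stdout, signed_ok
```

With the clearsigned sample, `check_decrypt_status` raises because no `BEGIN_DECRYPTION` line was emitted, which is the error the message expected from `gpg --decrypt`.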


