When to use GPG flags

Peter Lebbing peter at digitalbrains.com
Sat Feb 20 18:48:21 CET 2016


On 20/02/16 18:14, Eric Pruitt wrote:
> Regardless of
> how I ultimately choose to implement PGP support in my mail client, I
> would still like to have the questions I asked addressed to understand
> how GPG handles command line flags.

Fine by me.

The difference is that --verify never produces any data output, whereas
you use --decrypt to get at the contents of the message. So for
instance, the following message is unencrypted but signed. But you
cannot discover what the message is with --verify, since it will just
tell you it's a good signature. You use --decrypt to actually look at
the contents.

-----BEGIN PGP MESSAGE-----
Version: GnuPG v2

owEBYgGd/pANAwAIAZaeAY/ebNyhAcsyYgBWyKS3VGhlIHF1aWNrIGJyb3duIGZv
eCBqdW1wcyBvdmVyIHRoZSBsYXp5IGRvZwqJARwEAAEIAAYFAlbIpLcACgkQlp4B
j95s3KGPwwf/bI0Ma3wZV1UOx5ZHtRsMjaCSB/4ntNs0HDh4MPjllRK+/kiQx8I5
7d2dPkfufq3ULS/usgHx3Fyuc/JFywS/rnZBKzhO7X/oBbl26UsHm+WNd5CXHCGP
VhiuxcmorgLNPG0Wb8MPPN8KByrhdhv+j8t4wzwki6sbMAoTQm0fZM03YKtCEKcE
xtI4PNz/xxAI/2y1qhlzKfRXttnsnuSJp0rTGufct64AWG2/S9r47Yn/XPC/Vxv1
uslPGXA8PuqWiF9Ik+xCgCgkmbh6emzCD3SrMlnu4qJ88GkrxmdCDf5Kut7w3foa
UkGJ7QnEdRXGYbJJpIiQqF8ZIejMkQDdxw==
=hAWk
-----END PGP MESSAGE-----

This one isn't even signed; it's just data.

-----BEGIN PGP MESSAGE-----
Version: GnuPG v2

owE7bZTEEHZiWUxIRqpCYWlmcrZCUlF+eZ5CWn6FQlZpbkGxQn5ZapFCCVA6J7Gq
UiElP50LAA==
=fx76
-----END PGP MESSAGE-----

So --decrypt is: gimme the contents. --verify is: check the validity,
but don't ever produce any data.

But since you ultimately need to choose a reasonably short name for the
option, they're not called --decrypt-verify-or-decode and --verify-only ;).

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>



More information about the Gnupg-users mailing list