Ok this is a stupid questions

Ángel angel at pgp.16bits.net
Mon Feb 25 23:32:06 CET 2019


On 2019-02-25 at 14:13 +0000, Michael Holly wrote:
> What I suspect is that instead of erroring out, GPG starts the decrypt
> process over and appends the new output to the previous cycle. I
> have not tested this, but will soon. 
>
> I just wanted to see if anyone else has seen this happen.
> 
Not that it couldn't happen, but I find it strange gpg would do that.
Erroring out would make more sense. Note that GnuPG can work in filter
mode, so you can do
 cat incomplete_file | gpg -d > output_file   (*)

in which case it really can't start over.

I don't think it would process things differently, but worth trying. How
are you invoking gpg? Which version are you running?


(*) Yes, this is a useless use of cat™. In fact, it's quite likely cat
will be faster than whatever is transferring the file, piping e.g.
wget -O - would make more sense.
(**) Remember that even though you are getting an incomplete output,
unless gpg terminates with no error after verifying the data,
**there's no guarantee about the contents**. Don't pipe that output to
bash or otherwise treat it as trusted data! Wait until the next command for
that (after verifying that gpg is ok with what was provided).


Cheers

Ángel
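
The (**) note above, as an added shell example that is not part of the original message: decrypt in filter mode into a temporary file and publish it only when gpg exits with status 0. The function name `safe_decrypt` and the `GPG_BIN` override variable are assumptions of this example.

```shell
#!/bin/sh
# GPG_BIN is an assumption of this example: it lets another binary name
# (for instance gpg2) be substituted for gpg.
GPG_BIN="${GPG_BIN:-gpg}"

# safe_decrypt SRC DEST
#   Creates DEST and returns 0 only when gpg reports success.
#   Otherwise returns gpg's exit status and leaves DEST untouched.
safe_decrypt() {
    sd_src="$1"
    sd_dest="$2"
    sd_rc=0

    # Temp file next to the destination, so the final mv is a rename
    # within one directory rather than a copy.
    sd_tmp="$(mktemp "$(dirname "$sd_dest")/.decrypt.XXXXXX")" || return 1

    # Filter mode: ciphertext on stdin, plaintext on stdout.
    "$GPG_BIN" -d < "$sd_src" > "$sd_tmp" || sd_rc=$?

    if [ "$sd_rc" -ne 0 ]; then
        # gpg may already have written some plaintext before it hit the
        # truncated or corrupted part; nothing vouches for it, so drop it.
        rm -f "$sd_tmp"
        echo "safe_decrypt: gpg exited with status $sd_rc, output discarded" >&2
        return "$sd_rc"
    fi

    # gpg was satisfied with the whole input: publish the plaintext.
    mv -f "$sd_tmp" "$sd_dest"
}
```

Later commands read only `DEST`, which exists only after gpg has accepted the complete input.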




