On Fri, Dec 07, 2007 at 01:08:36PM -0800, Alan Olsen wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> I have encountered something that does not seem to be covered by any of
> the FAQs, manuals, or other general hints. I figured I might find a
> couple of good hints here.
>
> I have a number of files that I have received. I can decrypt them or
> not. I can check the signature or not.
>
> What I want to do is verify that the file was encrypted and to what
> keys. I can kludge something together by using --status-fd and grep. I
> am hoping for something a little more user friendly and/or script
> friendly.

[snip more need to know if a file is encrypted or signed correctly]

If you only want to check if the file is encrypted and to what key(s),
you can use --list-packets --list-only; this will list the outermost
packets in the OpenPGP message without doing any decryption.
Among the results there will probably be a packet that looks like this:

    :pubkey enc packet: version 3, algo 16, keyid 921EB6497074473C
        data: [1022 bits]
        data: [1024 bits]

You can fish this line out with something like either of the following:

    sed -ne '/^:pubkey enc packet:/ { s/.* keyid //; s/ .*//; p;}'
    perl -nle '/^:pubkey enc packet:.* keyid (\S+)/ and print $1'

The catch with this approach is that it does not actually do any
decryption; the --list-only option takes care of that. Thus, you cannot
see if the decryption will succeed, you cannot even see if the encrypted
message has been signed before the encryption - the signature packets are
within the encrypted data, --list-only will not analyze them.
If you want to analyze the message within, too, then it would seem the
logical thing that dropping --list-only would achieve some kind of goal;
however, from my limited testing it does not seem so. A simple invocation
of "gpg --list-packets file.gpg" only shows a "compressed packet" and then
a "literal data packet" line, no signature checking in sight. Of course,
if the "compressed packet" and "literal data packet" are present, the
decryption was *most probably* successful... but ICBW, and it is much too
late at night for me to actually check the GnuPG source to see if it is
possible for it to display a "literal data packet" and only then notice
that the decryption has failed.
G'luck,
Peter
--
Peter Pentchev [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
I am jealous of the first word in this sentence.
_______________________________________________
Gnupg-users mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
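
Added example, not part of the original message: a script-friendly filter for the --list-packets --list-only output described in the reply above. It goes beyond the one-liners by also reporting passphrase (symkey) packets and hidden recipients, and by answering "is this encrypted to key X". The function names and the second key ID in the sample are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original message). Reads the text printed by
#   gpg --list-packets --list-only FILE
# on stdin and reports each encryption packet found in the outer layer.

# Prints "pubkey <KEYID>" per public-key recipient, "hidden" for an all-zero
# key ID (recipient concealed by the sender, e.g. with --throw-keyids) and
# "passphrase" for a symmetric-key packet. No output means the outer layer
# carries no encryption packets, i.e. the file is not encrypted.
list_recipients() {
    awk '
        /^:pubkey enc packet:/ {
            id = ""
            for (i = 1; i < NF; i++) if ($i == "keyid") id = toupper($(i + 1))
            sub(/,$/, "", id)
            if (id ~ /^0+$/) print "hidden"
            else if (id != "") print "pubkey " id
        }
        /^:symkey enc packet:/ { print "passphrase" }
    '
}

# Exit status 0 if the listing on stdin names KEYID ($1) as a recipient.
is_encrypted_to() {
    want=$(printf '%s' "$1" | tr 'a-f' 'A-F')
    list_recipients | grep -qx "pubkey $want"
}

# Constructed sample listing: the first packet is the one quoted in the
# message; the second key ID and the hidden recipient are made up.
SAMPLE=':pubkey enc packet: version 3, algo 16, keyid 921EB6497074473C
	data: [1022 bits]
	data: [1024 bits]
:pubkey enc packet: version 3, algo 1, keyid 0123456789abcdef
	data: [2047 bits]
:pubkey enc packet: version 3, algo 16, keyid 0000000000000000
	data: [1023 bits]
	data: [1021 bits]
:encrypted data packet:
	length: unknown'

printf '%s\n' "$SAMPLE" | list_recipients
```

Against a real file the same functions are fed from gpg, for example: gpg --list-packets --list-only file.gpg 2>/dev/null | list_recipients. As the reply notes, this only inspects the outer packets and says nothing about whether decryption or signature verification would succeed.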
