Hi!

On 22/07/17 00:01, karel-...@tutanota.com wrote:
> In short I am searching for something like the test option for packed
> files that most archivers offer.

I don't know what OS you're using, so the details might differ but this
works for me:

$ gpg --batch -o /dev/null -d test.txt.gpg ; echo $?
gpg: AES encrypted data
gpg: encrypted with 1 passphrase
gpg: WARNING: encrypted message has been manipulated!
2

I deliberately corrupted the file. I say it should decrypt and output to
/dev/null, which on OS'es which have a /dev/null means "discard the
output". With an uncorrupted file, the exit status is 0, but here it is 2.

Any non-interactive use should carry the --batch parameter so GnuPG knows
it's not currently talking to a human, and it should specify the command
(-d).

Alternatively, you could parse the status fd. The best way to
programmatically interact with GnuPG is through GPGME, but my gut feeling
says that for this really limited case, --status-fd is good enough and
cleaner than just relying on exit status. Perhaps exit status is already
good enough as long as data is not signed (which would influence exit
status), I'm not sure.

$ gpg --status-fd 3 --batch -o /dev/null -d test.txt.gpg 3>&1 1>/dev/null 2>&1
[GNUPG:] NEED_PASSPHRASE_SYM 7 3 2
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_INFO 2 7
[GNUPG:] PLAINTEXT 62 1500889574 test.txt
[GNUPG:] PLAINTEXT_LENGTH 4
[GNUPG:] BADMDC
[GNUPG:] DECRYPTION_FAILED
[GNUPG:] END_DECRYPTION

I'm just keeping what is printed on FD 3 here, be gone with all the other
cruft.

What you actually want is a line that says DECRYPTION_OKAY. If you parse
the status-fd output for that line, I'd say you can be pretty sure that the
file is okay. Don't rely on the opposite (DECRYPTION_FAILED); you want
positive confirmation the file is OKAY, so that's what you should check.

The only way to verify correctness of every byte of data is to decrypt it;
only then can the Modification Detection Code be computed and verified. But
there is no need to write the decrypted data to disk, as I demonstrated.

HTH,

Peter.

Disclaimer: I don't usually script GnuPG, I might be forgetting about
something important like --batch (which I did remember).

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
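
The --status-fd check described in the mail above, written out as a small script. This is an added example, not part of the original message; the function names status_says_ok and gpg_test_file are hypothetical, the failing sample is the status output quoted in the mail, the passing sample is constructed, and gpg is assumed to be able to obtain the key or passphrase without prompting.

```sh
#!/bin/sh
# Added example, not from the original mail; function names are hypothetical.

# Status output quoted in the mail above (corrupted file).
SAMPLE_BAD='[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] PLAINTEXT 62 1500889574 test.txt
[GNUPG:] BADMDC
[GNUPG:] DECRYPTION_FAILED
[GNUPG:] END_DECRYPTION'

# Constructed sample of a successful run.
SAMPLE_OK='[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] PLAINTEXT 62 1500889574 test.txt
[GNUPG:] DECRYPTION_OKAY
[GNUPG:] END_DECRYPTION'

# Read --status-fd output on stdin. Succeed only on a status line that is
# exactly "[GNUPG:] DECRYPTION_OKAY", with no BADMDC or DECRYPTION_FAILED.
# Comparing whole fields (not grepping for a substring) keeps text inside
# other lines, such as the file name on the PLAINTEXT line, from matching.
status_says_ok() {
    awk '
        $1 != "[GNUPG:]" { next }
        NF == 2 && $2 == "DECRYPTION_OKAY" { ok = 1 }
        $2 == "BADMDC" || $2 == "DECRYPTION_FAILED" { bad = 1 }
        END { exit ((ok && !bad) ? 0 : 1) }
    '
}

# Decrypt "$1", discard plaintext and stderr, send status lines to the parser.
# Assumes gpg can obtain the key or passphrase without prompting.
gpg_test_file() {
    gpg --status-fd 3 --batch -o /dev/null -d "$1" \
        3>&1 1>/dev/null 2>/dev/null | status_says_ok
}

if [ "$#" -eq 0 ]; then
    # No arguments: run the parser over the two embedded samples.
    for s in "$SAMPLE_BAD" "$SAMPLE_OK"; do
        if printf '%s\n' "$s" | status_says_ok; then echo "sample: OK"
        else echo "sample: NOT OK"; fi
    done
else
    for f in "$@"; do
        if gpg_test_file "$f"; then echo "OK      $f"
        else echo "FAILED  $f"; fi
    done
fi
```

The result of gpg_test_file comes from the parser, not from gpg's exit status, so a file counts as good only when DECRYPTION_OKAY was actually reported.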