On 17/10/2025 15:42, Werner Koch via Gnupg-users wrote:
Hi!

On Thu, 16 Oct 2025 21:37, Tennyson T Bardwell said:

In short: I experimented and found that `gpg -d > results.txt` will
write to `results.txt` even if the verification (signature or MDC) of
the wrapped message fails.
Sure, gpg is a Unix tool and as such used in pipeline to process huge
amounts of data.

I think that I understand why this happens[2], why integrity is
important[3], and that writing to a temporary file (and checking the
exit code before use) is the recommended way to handle this. (Although,
Right.  Before you further process the data you should verify it.

However, I notice that gpg's `--decrypt` flag does not have a way to
specify the expected signer, meaning that (without parsing stderr)
You can do that with --assert-signer like:

   $ gpg -d --assert-signer 8777461F2A074EBC480D359419CC1C9E085B107A foo
   gpg: encrypted with brainpoolP384r1 key, ID 2B999FA9CE046B1B, created 2021-06-28
         "[email protected]"
   gpg: using "63113AE866587D0A" as default secret key for signing
   Today is the first day of the rest of your life.
   gpg: Signature made Fri 17 Oct 2025 03:15:13 PM CEST
   gpg:                using EDDSA key 8777461F2A074EBC480D359419CC1C9E085B107A
   gpg: Good signature from "[email protected]" [ultimate]
   gpg:                 aka "[email protected]" [ultimate]
   gpg:                 aka "[email protected]" [ultimate]
   gpg:                 aka "[email protected]" [ultimate]
   gpg: asserted signer '8777461F2A074EBC480D359419CC1C9E085B107A'
   $ echo $?
   0

and here using a non-matching signer:

   $ gpg -d --assert-signer E8EC28456EA6CFD7A0B15821C1DBABEF2C2096BB foo
   gpg: encrypted with brainpoolP384r1 key, ID 2B999FA9CE046B1B, created 2021-06-28
         "[email protected]"
   gpg: WARNING: server 'keyboxd' is older than us (2.5.12-beta1 < 2.5.13-beta9)
   gpg: Note: Outdated servers may lack important security fixes.
   gpg: Note: Use the command "gpgconf --kill all" to restart them.
   gpg: using "63113AE866587D0A" as default secret key for signing
   Today is the first day of the rest of your life.
   gpg: Signature made Fri 17 Oct 2025 03:15:13 PM CEST
   gpg:                using EDDSA key 8777461F2A074EBC480D359419CC1C9E085B107A
   gpg: Good signature from "[email protected]" [ultimate]
   gpg:                 aka "[email protected]" [ultimate]
   gpg:                 aka "[email protected]" [ultimate]
   gpg:                 aka "[email protected]" [ultimate]
   $ echo $?
   1
Note that the above user-visible output (not the exit code) pretends to report success, which is likely to make direct or scripted human users accept the wrong signature.


To observe more information in a scripted application use --status-fd,
for example to check for a DECRYPTION_OKAY line.  You would see this line
even if you don't have the public key for the signature.
--status-fd is a particularly horrible interface for shell scripting use,
as it requires setting up an additional temporary file and overly complex
parsing commands to distinguish different outcomes.

--assert-signer is available since 2.4.1



--
Jakob Bohm, CIO, partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Soborg, Denmark. direct: +45 31 13 16 10 <tel:+4531131610>
This message is only for its intended recipient, delete if misaddressed.
WiseMo - Remote Service Management for PCs, Phones and Embedded
_______________________________________________
Gnupg-users mailing list
[email protected]
https://lists.gnupg.org/mailman/listinfo/gnupg-users
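The --status-fd approach Werner describes, as an added example that is not part of the thread and not GnuPG's own code: a POSIX shell function that accepts a decryption only when the status log contains DECRYPTION_OKAY, a GOODSIG, and a VALIDSIG whose signing-key or primary-key fingerprint equals a pinned value, plus a wrapper that decrypts into a temporary file and moves it into place only after that check passes (the temporary-file pattern recommended above). The status lines in the samples are constructed to mirror the two runs quoted above, not captured output; the gpg options used in the wrapper (--batch, --yes, --no-tty, --status-fd, -o, -d) are real options, but the script as a whole is an illustration.

```shell
#!/bin/sh
# Added example, not from the thread: decide whether to trust a gpg decryption
# from the machine-readable --status-fd lines plus a pinned signer fingerprint,
# instead of from the human-readable stderr text or the exit code alone.
# Fingerprints and sample status logs below are constructed for illustration.

# check_status STATUS_FILE EXPECTED_FPR
# Return 0 only if the status log shows that the MDC/AEAD integrity check
# passed (DECRYPTION_OKAY), that a non-expired, non-revoked good signature was
# found (GOODSIG), and that a VALIDSIG line names EXPECTED_FPR as either the
# signing (sub)key fingerprint (field 3) or the primary key fingerprint
# (field 12).  Otherwise print the reason to stderr and return 1.
check_status() {
    status_file=$1
    expected_fpr=$2

    if ! grep -q '^\[GNUPG:\] DECRYPTION_OKAY' "$status_file"; then
        echo "reject: no DECRYPTION_OKAY (integrity check failed or missing)" >&2
        return 1
    fi
    if ! grep -q '^\[GNUPG:\] GOODSIG ' "$status_file"; then
        echo "reject: no GOODSIG (unsigned, bad, expired or revoked signature)" >&2
        return 1
    fi
    matched=0
    while read -r tag kw fpr sdate sts sexp ver res pkalgo hashalgo cls primary; do
        [ "$tag" = "[GNUPG:]" ] || continue
        [ "$kw" = "VALIDSIG" ] || continue
        if [ "$fpr" = "$expected_fpr" ] || [ "$primary" = "$expected_fpr" ]; then
            matched=1
        fi
    done < "$status_file"
    if [ "$matched" -ne 1 ]; then
        echo "reject: good signature, but not from expected signer $expected_fpr" >&2
        return 1
    fi
    echo "accept: integrity and signature by $expected_fpr verified" >&2
    return 0
}

# decrypt_checked INPUT OUTPUT EXPECTED_FPR
# Decrypt into a temporary file, check gpg's exit code and the status log, and
# only then move the plaintext into place, so a consumer never sees data that
# failed the MDC check or carries the wrong signature.
decrypt_checked() {
    in=$1; out=$2; expected_fpr=$3
    status=$(mktemp) || return 1
    tmp=$(mktemp) || return 1
    # fd 3 carries the status lines; stderr keeps the prose for humans.
    if gpg --batch --yes --no-tty --status-fd 3 -o "$tmp" -d "$in" 3>"$status" \
        && check_status "$status" "$expected_fpr"; then
        mv "$tmp" "$out"; rm -f "$status"; return 0
    fi
    rm -f "$tmp" "$status"
    return 1
}

# Constructed status logs (not captured from a real gpg run) mirroring the
# thread: a good signature by 8777...107A, and a failed integrity check.
sample_good() {
    cat <<'EOF'
[GNUPG:] ENC_TO 2B999FA9CE046B1B 18 0
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 19CC1C9E085B107A Example Signer
[GNUPG:] VALIDSIG 8777461F2A074EBC480D359419CC1C9E085B107A 2025-10-17 1760706913 0 4 0 22 10 00 8777461F2A074EBC480D359419CC1C9E085B107A
[GNUPG:] DECRYPTION_OKAY
[GNUPG:] END_DECRYPTION
EOF
}
sample_mdc_failure() {
    cat <<'EOF'
[GNUPG:] ENC_TO 2B999FA9CE046B1B 18 0
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_FAILED
[GNUPG:] END_DECRYPTION
EOF
}

# Run the three cases from the thread against the constructed logs:
#   sh check_gpg_status.sh demo
demo() {
    f=$(mktemp)
    sample_good > "$f"
    check_status "$f" 8777461F2A074EBC480D359419CC1C9E085B107A; echo "exit $?"
    check_status "$f" E8EC28456EA6CFD7A0B15821C1DBABEF2C2096BB; echo "exit $?"
    sample_mdc_failure > "$f"
    check_status "$f" 8777461F2A074EBC480D359419CC1C9E085B107A; echo "exit $?"
    rm -f "$f"
}
if [ "${1:-}" = demo ]; then demo; fi
```

Pinning on VALIDSIG rather than on GOODSIG's key ID avoids accepting a key that merely shares a 64-bit key ID, and the check runs only after gpg has already exited zero, so it tightens rather than replaces the exit-code check that --assert-signer gives you on 2.4.1 and later.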