On 30/08/14 22:20, Ingo Klöcker wrote:
> On Thursday 28 August 2014 22:53:52 TJ wrote:
>> The aim/hope was to combine the plaintext and detached signature into
>> the armored clearsign format and thus avoid needing to write one of
>> them to the file-system (the other can be supplied via stdin).
>
> You can probably use another approach than trying to create a
> clearsigned text from a signed text and its detached signature. On the
> command line one can provide both, the detached signature and the signed
> text, one after the other via stdin by running
>
> gpg --verify - -
>
> You need to separate the detached signature and the signed stuff with an
> EOT, e.g. on the console first you enter the armored detached signature
> and terminate it with Ctrl+D, then you enter the signed text and
> terminate it with Ctrl+D.

This would solve the issue I'm dealing with, but I can't get it to work here:

gpg --verify - - < <(echo -ne "$(cat Release.gpg)\004$(cat Release)\004")
gpg: Signature made Sat 30 Aug 2014 22:58:07 BST using RSA key ID 3591FB89
gpg: BAD signature from "Test Key (gnupg 1.4.16 Ubuntu 14.04 amd64) <detac...@signature.org>"

cat -e < <(echo -ne "$(cat Release.gpg)\004$(cat Release)\004") | grep END
# -----END PGP SIGNATURE-----^DOrigin: Ubuntu$

With "--debug-all" I noticed that "dbgmd-00001.verify" is empty, which
indicates no plaintext was received.

> BTW, which language do you want to write the code in?

Well, I'm working in C to add another option to gpg, but the code that needs
this is a Python library (that imports python-gnupg) that enables the regular
verification of the GPG signatures of APT archive 'Release' files in all
Debian/Ubuntu/related-distro mirrors world-wide.

If I can find a way to pass both plaintext and detached signature via stdin
that would solve the issue - I'm trying to avoid any need to create temporary
files on the file-system.
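
Added example, not part of the original thread and not code from gpg or python-gnupg: one way to give gpg both inputs from Python without temporary files, with the detached signature on an inherited pipe named through gpg's `--enable-special-filenames` `-&N` syntax and the signed text on stdin. End-of-file on a pipe comes from closing its write end, so no separator byte is sent; the helper names `run_with_extra_fd` and `gpg_verify_detached` are hypothetical.

```python
import os
import subprocess
import threading


def run_with_extra_fd(make_argv, fd_bytes, stdin_bytes):
    """Run a child with fd_bytes readable on an inherited pipe and
    stdin_bytes on stdin. make_argv(fd) builds the command line."""
    rfd, wfd = os.pipe()

    def feed():
        try:
            # Closing the write end is what gives the reader end-of-file.
            with os.fdopen(wfd, "wb") as w:
                w.write(fd_bytes)
        except BrokenPipeError:
            pass  # child exited before reading everything

    try:
        # pass_fds keeps only the read end open in the child; the write
        # end stays in the parent, so the child sees EOF when we close it.
        proc = subprocess.Popen(make_argv(rfd), stdin=subprocess.PIPE,
                                stdout=subprocess.PIPE,
                                stderr=subprocess.PIPE, pass_fds=(rfd,))
    except OSError:
        os.close(rfd)
        os.close(wfd)
        raise
    os.close(rfd)
    # Feed the pipe from a thread so a large signature or a large
    # plaintext cannot block the other stream.
    feeder = threading.Thread(target=feed)
    feeder.start()
    out, err = proc.communicate(stdin_bytes)
    feeder.join()
    return proc.returncode, out, err


def gpg_verify_detached(signature, data, gpg="gpg"):
    """Return the signing key fingerprint from VALIDSIG, or None."""
    def argv(fd):
        # "-&N" means file descriptor N; the trailing "-" is stdin.
        return [gpg, "--batch", "--status-fd", "1",
                "--enable-special-filenames", "--verify", "-&%d" % fd, "-"]
    rc, out, _ = run_with_extra_fd(argv, signature, data)
    for line in out.splitlines():
        parts = line.split()
        if rc == 0 and len(parts) > 2 and parts[:2] == [b"[GNUPG:]", b"VALIDSIG"]:
            return parts[2].decode()
    return None
```

The caller should compare the returned fingerprint with the key it expects for that archive, since any key in the keyring can produce a VALIDSIG line.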
