> From: Peter Lebbing [mailto:pe...@digitalbrains.com]
> ...
> $ gpgv --keyring ./key.gpg data.gpg
>
> > Splitting up the message gives me
> >
> > 000001-001.pk_enc
> > 000002-018.encrypted_mdc
>
> This is an encrypted message. gpgv can't do anything with it.

No, this is a signed AND encrypted message. Can gpgv only be used to verify signatures on signed-only but not signed AND encrypted messages, maybe due to encrypt AFTER sign scheme? If so update of the manual pages and a more talkative error message instead of "gpgv: verify signatures failed: Unexpected error" would be really nice.

Test trail:

* Prepare: Remove standard GPG homedir to detect any access to it by error (should never happen).

rm -rf -- "${HOME}/.gnupg"
testDir="$(mktemp -d)"
cd -- "${testDir}"

* Generate receiver key:

mkdir --mode=0700 -- Receiver
cat <<EOF | /usr/bin/gpg1 --homedir Receiver --batch --gen-key /proc/self/fd/0
Key-Type: RSA
Key-Length: 2048
Subkey-Type: ELG-E
Subkey-Length: 2048
Name-Real: Receiver Key
Expire-Date: 0
%commit
EOF
/usr/bin/gpg1 --homedir Receiver --export "Receiver Key" > Receiver/ReceiverKey.pub

* Generate sender key:

mkdir --mode=0700 -- Sender
/usr/bin/gpg1 --homedir Sender --batch --command-fd 0 --status-fd 1 --gen-key <<EOF
%no-protection
Key-Type: RSA
Key-Length: 2048
Subkey-Type: ELG-E
Subkey-Length: 2048
Name-Real: Sender Key
Expire-Date: 0
%commit
EOF
/usr/bin/gpg1 --homedir Sender --export "Sender Key" > Sender/SenderKey.pub

* Generate message:

/usr/bin/gpg1 --no-options --homedir Sender --keyring Receiver/ReceiverKey.pub --lock-never --trust-model always --sign --local-user "Sender Key" --encrypt --throw-keyids --hidden-recipient "Receiver Key" <<EOF > Sender/OutgoingMessage.gpg
Secret message
EOF

* Decrypt and verify with gpg1 on receiver side:

/usr/bin/gpg1 --no-options --homedir Receiver --no-default-keyring --keyring Sender/SenderKey.pub --lock-never --trust-model always --batch --display-charset utf-8 --status-fd 2 --decrypt --try-all-secrets < Sender/OutgoingMessage.gpg

gpg: Good signature from "Sender Key"
[GNUPG:] VALIDSIG 7C8D39EA43614F2266EBD8F52A1DF9C596868A14 2018-09-05 1536135808 0 4 0 1 8 00 7C8D39EA43614F2266EBD8F52A1DF9C596868A14

* Verify only with gpgv (from gnupg2): Not clear from documentation, if gpgv could verify signed AND encrypted messages. Use absolute path for sure as relative pathnames will be handled differently.

/usr/bin/gpgv --status-fd 2 --homedir /proc/self/fd/nonexistent --keyring "${testDir}/Sender/SenderKey.pub" /proc/self/fd/0 < Sender/OutgoingMessage.gpg

[GNUPG:] UNEXPECTED 0
gpgv: verify signatures failed: Unexpected error

* Final checks: Ensure default homedir was not created due to error in testing protocol:

ls -al -- "${HOME}/.gnupg"
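
Added illustration, not part of the original message and not GnuPG code: a small Python walker over the outermost OpenPGP packet headers (RFC 4880, section 4.2). Tags 1 and 18 are the packet types in the split file names quoted above; when only such packets are visible, any signature lies inside the encrypted data and cannot be reached without a secret key. All function names and sample bytes are constructed for this example.

```python
# Added example: which OpenPGP packets are visible without any secret key?
ENCRYPTED = {1, 3, 9, 18}   # session-key packets (1, 3), encrypted data (9, 18)

def _new_length(buf, pos):
    """Decode one new-format length: (body_len, next_pos, is_partial)."""
    first = buf[pos]
    if first < 192:
        return first, pos + 1, False
    if first < 224:
        return ((first - 192) << 8) + buf[pos + 1] + 192, pos + 2, False
    if first == 255:
        return int.from_bytes(buf[pos + 1:pos + 5], "big"), pos + 5, False
    return 1 << (first & 0x1F), pos + 1, True    # partial-body chunk

def top_level_tags(buf):
    """Return the tags of the outermost packets, in order."""
    tags, pos = [], 0
    while pos < len(buf):
        ctb = buf[pos]
        if not ctb & 0x80:
            raise ValueError(f"no packet header at offset {pos}")
        pos += 1
        if ctb & 0x40:                           # new-format header
            tag, partial = ctb & 0x3F, True
            while partial:                       # skip chunks up to the final one
                length, pos, partial = _new_length(buf, pos)
                pos += length
        else:                                    # old-format header
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 3
            if ltype == 3:                       # indeterminate: to end of input
                pos = len(buf)
            else:
                size = 1 << ltype                # 1, 2 or 4 length octets
                pos += size + int.from_bytes(buf[pos:pos + size], "big")
        tags.append(tag)
    return tags

def needs_secret_key(buf):
    """True if signatures, if any, sit inside an encrypted container."""
    return bool(ENCRYPTED & set(top_level_tags(buf)))

# Constructed samples: the headers are valid encodings, bodies are zero filler.
SIGNED_ENCRYPTED = (bytes([0x85, 0x00, 0x03]) + bytes(3)    # tag 1, old format
                    + bytes([0xD2, 0xE9]) + bytes(512)      # tag 18, partial chunk
                    + bytes([0x01]) + bytes(1))             # final chunk
SIGNED_ONLY = bytes([0xA3, 0x01]) + bytes(8)                # tag 8 (compressed)
DETACHED_SIG = bytes([0x89, 0x00, 0x02]) + bytes(2)         # tag 2 (signature)
```

For real files, pass the raw bytes of a binary (non-armored) message; the walker reads headers only and never inspects packet bodies.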