silent mode; signing headers

Werner Koch wk at isil.d.shuttle.de
Thu Jun 18 10:40:40 CEST 1998


Zack Weinberg <zack at rabi.phys.columbia.edu> writes:

> First, a `silent mode' for verifying signatures.  In this mode g10
> reads a file and indicates whether the signature is good or not by
> its exit status, but produces no output.  Exit codes should

that should be possible with gpg --batch --verify.  I can make sure
that you get these exit codes:
  0 - okay
  1 - can't check signature (unknown algorithm, no public key)
  >= 2 - program failure.
I don't think that it is a good idea to use exit codes as this is
complicated if gnupg is used in a pipe (yes, bash 2 has a facility for
this).  A better way is to parse the output of gpg: when used with
--status-fd 2 you will see lines 
[GNUPG:] keyword more stuff
which are quite easy to parse.

> Second, it would be nice to be able to sign some of the headers of a
> message as well as its content.  This allows the recipient to check

I do not think gnupg should do this; it is MUA related stuff.  I'd
suggest to invent some MIME encoding for this.  A way to do this is
to bring the headers in a standard format (MTA may rewrite them), hash
them and put the hashvalue as printable string into the contents of
the message (or simply copy the headers into the contents).

> p.s. --verify is documented to not print the contents of the file
> verified, but in 0.2.19 it does (at least with --clearsign

Noted, thanks.


Werner
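
The status-line parsing suggested above for `--status-fd 2`, as an added example that is not part of the original message or of GnuPG itself. The keyword names (GOODSIG, BADSIG, ERRSIG, NO_PUBKEY) are an assumption taken from GnuPG's doc/DETAILS, the message gives only the `[GNUPG:] keyword more stuff` shape, and the sample output is constructed.

```python
import enum

PREFIX = "[GNUPG:] "

class Verdict(enum.Enum):
    GOOD = "good"
    BAD = "bad"
    CANT_CHECK = "cannot check"   # e.g. unknown algorithm, no public key
    NO_RESULT = "no result"       # no signature status seen: fail closed

# Keyword names are an assumption taken from GnuPG's doc/DETAILS;
# the message itself only gives the "[GNUPG:] keyword more stuff" shape.
CANT_CHECK_KEYWORDS = {"ERRSIG", "NO_PUBKEY"}

def parse_status(text):
    """Yield (keyword, args) per status line; other stderr lines are skipped."""
    for line in text.splitlines():
        if line.startswith(PREFIX):
            keyword, _, rest = line[len(PREFIX):].partition(" ")
            yield keyword, rest.split()

def classify(text):
    """Return (Verdict, key IDs of good signatures), failing closed."""
    good_ids, bad, cant_check = [], False, False
    for keyword, args in parse_status(text):
        if keyword == "GOODSIG" and args:
            good_ids.append(args[0])
        elif keyword == "BADSIG":
            bad = True
        elif keyword in CANT_CHECK_KEYWORDS:
            cant_check = True
    if bad:
        return Verdict.BAD, []
    if cant_check:
        return Verdict.CANT_CHECK, []
    if good_ids:
        return Verdict.GOOD, good_ids
    return Verdict.NO_RESULT, []

# Constructed sample output (not captured from a real gpg run).
SAMPLE_GOOD = (
    "gpg: Good signature from \"Example Signer <signer@example.org>\"\n"
    "[GNUPG:] GOODSIG 0123456789ABCDEF Example Signer <signer@example.org>\n"
)
SAMPLE_NO_KEY = (
    "gpg: Can't check signature: public key not found\n"
    "[GNUPG:] ERRSIG 0123456789ABCDEF 1 8 00 898159240 9\n"
    "[GNUPG:] NO_PUBKEY 0123456789ABCDEF\n"
)
```

Only an explicit GOODSIG with no failing status yields GOOD; output with no status line at all is treated as NO_RESULT rather than success.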






More information about the Gnupg-devel mailing list