silent mode; signing headers
Zack Weinberg
zack at rabi.phys.columbia.edu
Thu Jun 18 16:14:12 CEST 1998
On Thu, 18 Jun 1998 09:40:40 +0200, Werner Koch wrote:
>Zack Weinberg <zack at rabi.phys.columbia.edu> writes:
>
>> First, a `silent mode' for verifying signatures. In this mode g10
>> reads a file and indicates whether the signature is good or not by
>> its exit status, but produces no output. Exit codes should
>
>that should be possible with gpg --batch --verify. I can make sure
>that you get these exit codes:
> 0 - okay
> 1 - can't check signature (unknown algorithm, no public key)
> >= 2 - program failure.
>I don't think that it is a good idea to use exit codes as this is
>complicated if gnupg is used in a pipe (yes, bash 2 has a facility for
>this). A better way is to parse the output of gpg: when used with
>--status-fd 2 you will see lines
>[GNUPG:] keyword more stuff
>which are quite easy to parse.
That I could live with, but INN's verification mechanism wants it all
in the exit codes. I was hoping to be able to eliminate the wrapper
script. On the other hand, as you say
>> Second, it would be nice to be able to sign some of the headers of a
>> message as well as its content. This allows the recipient to check
>
>I do not think gnupg should do this; it is MUA related stuff. I'd
>suggest to invent some MIME encoding for this. A way to do this is
>to bring the headers in a standard format (MTA may rewrite them), hash
>them and put the hashvalue as printable string into the contents of
>the message (or simply copy the headers into the contents).
this would require me to keep the wrapper anyway, and I do think this
is reasonable.
zw
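
The wrapper discussed in this thread, as an added example (not code from the thread, from INN or from GnuPG): a POSIX shell function that reads `[GNUPG:]` status lines on stdin and returns the exit codes listed above. The keywords GOODSIG, BADSIG, ERRSIG and NO_PUBKEY are GnuPG status keywords not named in the thread; returning 1 for a bad signature and 2 when no signature status is seen are assumptions of this example, as are the function names and sample lines.

```shell
#!/bin/sh
# Assumed invocation (status on stdout, diagnostics discarded):
#   gpg --batch --status-fd 1 --verify "$file" 2>/dev/null | status_to_exit

# 0 = good signature, 1 = bad or uncheckable signature,
# 2 = no signature status at all (treated as program failure, fail closed).
status_to_exit() {
    good=0
    notgood=0
    # "|| [ -n ... ]" keeps a final line that lacks a trailing newline.
    while IFS= read -r line || [ -n "$line" ]; do
        # Only lines that START with the status prefix count, so diagnostic
        # text that merely mentions a keyword cannot influence the result.
        case $line in
            '[GNUPG:] GOODSIG '*)   good=$((good + 1)) ;;
            '[GNUPG:] BADSIG '*)    notgood=$((notgood + 1)) ;;
            '[GNUPG:] ERRSIG '*)    notgood=$((notgood + 1)) ;;
            '[GNUPG:] NO_PUBKEY '*) notgood=$((notgood + 1)) ;;
        esac
    done
    # Any bad or unchecked signature outweighs a good one on the same input.
    if [ "$notgood" -gt 0 ]; then return 1; fi
    if [ "$good" -gt 0 ]; then return 0; fi
    return 2
}

# Constructed sample input: one good signature plus a diagnostic line.
sample_good() {
    cat <<'EOF'
gpg: Signature made (constructed sample line)
[GNUPG:] GOODSIG 0123456789ABCDEF Example Signer <signer@example.org>
EOF
}

# Constructed sample input: signature present, public key missing.
sample_nokey() {
    cat <<'EOF'
[GNUPG:] ERRSIG 0123456789ABCDEF 1 8 00 0 9
[GNUPG:] NO_PUBKEY 0123456789ABCDEF
EOF
}
```

Because the function fails closed, a gpg crash or truncated output yields 2 rather than 0.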