Positive Verification?

Kevin Calman codex24 at gmail.com
Mon Jun 20 22:22:55 CEST 2005


Please forgive if this has been asked and answered before, I have just
suscribed and can't figure out how to search the archives....
  I am using GPG 1.4.0 under cygwin on Windows XP/P SP2. I am making
up a process for encrypted archiving, where the same user will create
signed and encrypted content, and potentially verify and decrypt this
content after retrival from off-site media. I need to confirm that the
file received was authentically produced by the same user. The files
are large binary archives.
  I have public and private keys for the generic identity, "user" and
I create the file thusly:
> gpg -u user -r user -r my-identity -o file.tar.gpg -se file.tar
When I verify the file, there is no prompt for secret key passphrase,
I get no useful output, and the command always succeeds (i.e., always
a 0 return code). I verfy as follows:
> gpg --verify-files file.tar.gpg
If I actually decrypt the file, I do a passphrase prompt, I get useful
output which identifies which identity is decrypting the file.
Shouldn't verify-files do the same thing?
  Assuming I have multiple private keys, and a file is encrypted to
mulitple recipients, how do I selecting which identity to use to
verify and/or decrypt the file?
  Thanks for any info you can provide.
-- 
Opinions herein are exclusively my own, unless you share them.
Kevin Calman, codex24 at gmail dot com, Austin, TX, US



More information about the Gnupg-users mailing list