decryption outputs to stdout before verification
Jakob Bohm
jb at wisemo.com
Fri Oct 24 14:57:27 CEST 2025
On 17/10/2025 15:42, Werner Koch via Gnupg-users wrote:
> Hi!
>
> On Thu, 16 Oct 2025 21:37, Tennyson T Bardwell said:
>
>> In short: I experimented and found that `gpg -d > results.txt` will
>> write to `results.txt` even if the verification (signature or MDC) of
>> the wrapped message fails.
> Sure, gpg is a Unix tool and as such used in pipelines to process huge
> amounts of data.
>
>> I think that I understand why this happens[2], why integrity is
>> important[3], and that writing to a temporary file (and checking the
>> exit code before use) is the recommended way to handle this. (Although,
> Right. Before you further process the data you should verify it.
>
>> However, I notice that gpg's `--decrypt` flag does not have a way to
>> specify the expected signer, meaning that (without parsing stderr)
> You can do that with --assert-signer like:
>
> $ gpg -d --assert-signer 8777461F2A074EBC480D359419CC1C9E085B107A foo
> gpg: encrypted with brainpoolP384r1 key, ID 2B999FA9CE046B1B, created 2021-06-28
> "wk at gnupg.org"
> gpg: using "63113AE866587D0A" as default secret key for signing
> Today is the first day of the rest of your life.
> gpg: Signature made Fri 17 Oct 2025 03:15:13 PM CEST
> gpg: using EDDSA key 8777461F2A074EBC480D359419CC1C9E085B107A
> gpg: Good signature from "wk at gnupg.org" [ultimate]
> gpg: aka "werner at eifzilla.de" [ultimate]
> gpg: aka "wk at g10code.com" [ultimate]
> gpg: aka "werner.koch at gnupg.com" [ultimate]
> gpg: asserted signer '8777461F2A074EBC480D359419CC1C9E085B107A'
> $ echo $?
> 0
>
> and here using a non-matching signer:
>
> $ gpg -d --assert-signer E8EC28456EA6CFD7A0B15821C1DBABEF2C2096BB foo
> gpg: encrypted with brainpoolP384r1 key, ID 2B999FA9CE046B1B, created 2021-06-28
> "wk at gnupg.org"
> gpg: WARNING: server 'keyboxd' is older than us (2.5.12-beta1 < 2.5.13-beta9)
> gpg: Note: Outdated servers may lack important security fixes.
> gpg: Note: Use the command "gpgconf --kill all" to restart them.
> gpg: using "63113AE866587D0A" as default secret key for signing
> Today is the first day of the rest of your life.
> gpg: Signature made Fri 17 Oct 2025 03:15:13 PM CEST
> gpg: using EDDSA key 8777461F2A074EBC480D359419CC1C9E085B107A
> gpg: Good signature from "wk at gnupg.org" [ultimate]
> gpg: aka "werner at eifzilla.de" [ultimate]
> gpg: aka "wk at g10code.com" [ultimate]
> gpg: aka "werner.koch at gnupg.com" [ultimate]
> $ echo $?
> 1
Note that the above user-visible output (not the exit code) pretends to
report success, which is likely to make direct or scripted human users
accept the wrong signature.
> To observe more information in a scripted application use --status-fd
> for example to check for a DECRYPTION_OKAY line. You would see this line
> even if you don't have the public key for the signature.
--status-fd is a particularly horrible interface for shell scripting use,
as it requires setting up an additional temporary file and overly complex
parsing commands to distinguish different outcomes.
> --assert-signer is available since 2.4.1
>
--
Jakob Bohm, CIO, partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Soborg, Denmark. direct: +45 31 13 16 10
This message is only for its intended recipient, delete if misaddressed.
WiseMo - Remote Service Management for PCs, Phones and Embedded
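As an added illustration of the temp-file-plus-status-check pattern discussed in this thread (example code, not from the thread's authors or from GnuPG): the plaintext is written to a scratch file and only renamed into place once the exit code is 0 and the --status-fd lines show both DECRYPTION_OKAY and a VALIDSIG from the expected fingerprint. Everything in the status parser runs offline on constructed status lines; the fingerprint values and file names are placeholders.

```shell
#!/bin/sh
# Added example: gate release of decrypted data on gpg's machine-readable
# status lines rather than on the human-readable stderr output, which can
# print "Good signature" even when --assert-signer makes gpg exit 1.

# gpg_status_ok STATUS_TEXT EXPECTED_FPR
# Returns 0 only if STATUS_TEXT (the text gpg wrote to --status-fd) holds a
# DECRYPTION_OKAY line and a VALIDSIG line whose fingerprint is EXPECTED_FPR.
gpg_status_ok() {
    status="$1"
    expected="$2"
    printf '%s\n' "$status" | grep -q '^\[GNUPG:\] DECRYPTION_OKAY' || return 1
    # VALIDSIG <fingerprint> <sig-date> <sig-timestamp> ...: field 3 is the fpr
    printf '%s\n' "$status" | awk -v fpr="$expected" \
        '$1 == "[GNUPG:]" && $2 == "VALIDSIG" && $3 == fpr { found = 1 }
         END { exit found ? 0 : 1 }'
}

# safe_decrypt IN OUT EXPECTED_FPR
# Decrypts IN into a scratch directory next to OUT. OUT only appears (via
# rename, atomic when both live on the same filesystem) after the exit code
# and the status lines are both good; otherwise nothing reaches OUT.
safe_decrypt() {
    in="$1"; out="$2"; expected="$3"
    tmpdir=$(mktemp -d "$(dirname "$out")/.gpgtmp.XXXXXX") || return 1
    plain="$tmpdir/plain"; statusfile="$tmpdir/status"
    # Status lines go to fd 3 (redirected into a file); stderr stays human-facing.
    gpg --batch --status-fd 3 --output "$plain" --decrypt "$in" 3>"$statusfile"
    rc=$?
    if [ "$rc" -eq 0 ] && gpg_status_ok "$(cat "$statusfile")" "$expected"; then
        mv "$plain" "$out" && rm -rf "$tmpdir"
        return 0
    fi
    rm -rf "$tmpdir"
    return 1
}

# usage (placeholder names): safe_decrypt message.gpg results.txt <expected-fpr>
```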