decryption outputs to stdout before verification
Werner Koch
wk at gnupg.org
Fri Oct 24 18:53:45 CEST 2025
On Fri, 24 Oct 2025 15:03, Jakob Bohm said:
> Note that the above user visible output (not the exit code) pretends
> to report success,
Which is tehcnically correct becuase the signature is valid. The
assertion simply fails and thus the exit code is guaranteed to be failure
and you will also see a ASSERT_SIGNER status line if the assertion is true.
> --status-fd is a particularly horrible interface for shell scripting use,
> as it requires setting up an additional temporary file and overly complex
awk is the tool of choice ;-)
I would suggest to use libgpgme, gpgme-tools, or gpgme-json for all
applications. No need for --assert-signer in this case because this can
be easily checked without.
Salam-Shalom,
Werner
--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openpgp-digital-signature.asc
Type: application/pgp-signature
Size: 284 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20251024/4226c927/attachment.sig>
More information about the Gnupg-users
mailing list