decryption outputs to stdout before verification
Robert J. Hansen
rjh at sixdemonbag.org
Fri Oct 24 19:15:34 CEST 2025
> Note that the above user visible output (not the exit code) pretends to
> report success,
> which is likely to make direct or scripted human users accept the wrong
> signature.
This is the behavior at fault in the EFAIL paper of a few years ago.
> --status-fd is a particularly horrible interface for shell scripting use,
> as it requires setting up an additional temporary file and overly complex
> parsing commands to distinguish different outcomes.
Either use a better shell with support for the processing behavior you
need, or else write your verifier in Perl or Python and do the stuff
there. You could also probably do it in awk.
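Added example, not part of the original message or of GnuPG: a Python sketch of the kind of verifier suggested above. It reads `--status-fd` from a dedicated pipe instead of a temporary file and holds the decrypted output in memory until the status lines confirm one valid signature from a trusted key. The function names, the in-memory buffering and the acceptance policy are assumptions of this sketch, and it needs a POSIX system for `pass_fds`.

```python
import os
import subprocess
import threading

PREFIX = "[GNUPG:] "
# Status keywords that must never appear in an accepted run.
FAIL = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG",
        "DECRYPTION_FAILED", "NODATA", "FAILURE"}

def accept(status_text, trusted_fprs):
    """True only for exactly one valid signature from a trusted key, no failures."""
    rows = [l[len(PREFIX):].split() for l in status_text.splitlines()
            if l.startswith(PREFIX)]
    words = [r[0] for r in rows if r]
    if FAIL & set(words) or words.count("GOODSIG") != 1:
        return False
    valid = [r for r in rows if r and r[0] == "VALIDSIG" and len(r) > 1]
    # r[1] is the signing key fingerprint, r[-1] the primary key fingerprint.
    return len(valid) == 1 and bool({valid[0][1], valid[0][-1]} & set(trusted_fprs))

def verified_plaintext(path, trusted_fprs, gpg="gpg"):
    """Run gpg --decrypt, buffer its stdout, release it only if accept() passes."""
    rfd, wfd = os.pipe()  # dedicated status pipe: no temp file, not mixed with stderr
    proc = subprocess.Popen(
        [gpg, "--batch", "--status-fd", str(wfd), "--decrypt", path],
        stdout=subprocess.PIPE, stderr=subprocess.DEVNULL, pass_fds=(wfd,))
    os.close(wfd)  # parent keeps only the read end
    status = []
    reader = threading.Thread(
        target=lambda: status.append(os.fdopen(rfd, errors="replace").read()))
    reader.start()
    plaintext, _ = proc.communicate()  # nothing is forwarded to the caller yet
    reader.join()
    if proc.returncode != 0 or not accept(status[0], trusted_fprs):
        raise ValueError("gpg did not report a valid trusted signature")
    return plaintext
```

The caller gets bytes only after both the exit code and the status lines agree, so a script built on it never sees output from a run that failed verification.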