
Exit status and failed decryption of session key
If a message is encrypted to multiple subscribers, and secret keys
are present for all subscribers, but not all secret keys can be
decrypted (i.e. because of a missing or wrong passphrase), GnuPG 1.0.1
exits with status 2 even if the message was successfully decrypted
because a usable secret key was found in the end.

Bug or feature? It's quite annoying if you want to find out whether
decryption succeeded by looking at the exit status.

--
Florian Weimer Florian.Weimer@RUS.Uni-Stuttgart.DE
University of Stuttgart http://cert.uni-stuttgart.de/
RUS-CERT +49-711-685-5973/fax +49-711-685-5898
http://ca.uni-stuttgart.de:11371/pks/lookup?op=get&search=0xC06EC3B5
Re: Exit status and failed decryption of session key
Florian Weimer, at 15:36 +0200 on 21 Apr 2000, wrote:

> Bug or feature? It's quite annoying if you want to find out whether
> decryption succeeded by looking at the exit status.

There are so many issues that can happen as the result of an OpenPGP
operation. One could verify a signature, but not have the public key or a
web-of-trust line, or one could have the issue you talked about,
etc. What you should really look into is parsing the output of the option
"status-fd", which has information described in GnuPG's DETAILS file.

--
Frank Tobin http://www.uiuc.edu/~ftobin/

"To learn what is good and what is to be valued,
those truths which cannot be shaken or changed." Myst: The Book of Atrus
Re: Exit status and failed decryption of session key
On Fri, 21 Apr 2000, Frank Tobin wrote:

> etc. What you should really look into is parsing the output of the option
> "status-fd", which has information described in GnuPG's DETAILS file.

lights my fire :^) in what way? i have both the status- and logger-fd turned
on for watching purposes. the output might be parsed to get the precise
overall picture, and there are not many verbs, and nothing you would call
"fuzzy", contextual information. on the other hand the gnupg's docs are
not complete. so, how about making an incrementally learning parser, done
in prolog, which will take over the whole thing in the near future, making
the handling of any kind of encryption a breeze even for a child?

and maybe, when the software, personalized to the most intimate utterances,
takes all the shortcuts available, it might not even be necessary to type
in a passphrase, or to use gpg in the first place!

--
ino-waiting@gmx.net
Re: Exit status and failed decryption of session key
I am tired of receiving dozens of messages from this list.

I tried many times to unsubscribe. The mailing system does not work properly
and the owner of the list (Lord of the Lists <listmaster@gnupg.org>) explains
to me that I am not subscribed. It appears now to me as harassment.

If everybody from the list reads this message he will probably understand his
mistake and maybe do his duty.

Frank Tobin wrote:

> Florian Weimer, at 15:36 +0200 on 21 Apr 2000, wrote:
>
> > Bug or feature? It's quite annoying if you want to find out whether
> > decryption succeeded by looking at the exit status.
>
> There are so many issues that can happen as the result of an OpenPGP
> operation. One could verify a signature, but not have the public key or a
> web-of-trust line, or one could have the issue you talked about,
> etc. What you should really look into is parsing the output of the option
> "status-fd", which has information described in GnuPG's DETAILS file.
>
> --
> Frank Tobin http://www.uiuc.edu/~ftobin/
>
> "To learn what is good and what is to be valued,
> those truths which cannot be shaken or changed." Myst: The Book of Atrus

--
-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-

Pierre - Henri S E N E S I
http://www.senesi.org
Formateur Techno / Technology trainer
I.U.F.M. de Nice : Institut Universitaire de Formation des Maitres
University Institute for Teacher Training, Nice, France
Post. : I.U.F.M. Technology Dept. 43, Av. St. Liégeard F 06100 NICE
Tel. & Fax : (33) or (0) 492.07.74.89 / 80 492.09.11.02
-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-
Re: Exit status and failed decryption of session key
I am tired of receiving dozens of messages from this list.

I tried many times to unsubscribe. The mailing system does not work properly
and the owner of the list (Lord of the Lists <listmaster@gnupg.org>) explains
to me that I am not subscribed. It appears now to me as harassment.

If everybody from the list reads this message he will probably understand his
mistake and maybe do his duty.

Florian Weimer wrote:

> If a message is encrypted to multiple subscribers, and secret keys
> are present for all subscribers, but not all secret keys can be
> decrypted (i.e. because of a missing or wrong passphrase), GnuPG 1.0.1
> exits with status 2 even if the message was successfully decrypted
> because a usable secret key was found in the end.
>
> Bug or feature? It's quite annoying if you want to find out whether
> decryption succeeded by looking at the exit status.
>
> --
> Florian Weimer Florian.Weimer@RUS.Uni-Stuttgart.DE
> University of Stuttgart http://cert.uni-stuttgart.de/
> RUS-CERT +49-711-685-5973/fax +49-711-685-5898
> http://ca.uni-stuttgart.de:11371/pks/lookup?op=get&search=0xC06EC3B5
Re: Exit status and failed decryption of session key
Frank Tobin <ftobin@uiuc.edu> writes:

> There are so many issues that can happen as the result of an OpenPGP
> operation. One could verify a signature, but not have the public key or a
> web-of-trust line, or one could have the issue you talked about,
> etc. What you should really look into is parsing the output of the option
> "status-fd", which has information described in GnuPG's DETAILS file.

Yes, but status-fd is remarkably terse when it's creating some OpenPGP
messages. May I assume that in this case, the exit status indicates
whether the operation was successful or not? I certainly do not want
to parse standard error output. :-/

--
Florian Weimer Florian.Weimer@RUS.Uni-Stuttgart.DE
University of Stuttgart http://cert.uni-stuttgart.de/
RUS-CERT +49-711-685-5973/fax +49-711-685-5898
http://ca.uni-stuttgart.de:11371/pks/lookup?op=get&search=0xC06EC3B5
Re: Exit status and failed decryption of session key
Florian Weimer, at 20:52 +0200 on 22 Apr 2000, wrote:

> Yes, but status-fd is remarkably terse when it's creating some OpenPGP
> messages. May I assume that in this case, the exit status indicates
> whether the operation was successful or not? I certainly do not want
> to parse standard error output. :-/

The question is what does "successful" mean? There can be warnings, total
failure, partial success/failure, etc. Your wrapper really should try to
do some processing and parse status-fd.

--
Frank Tobin http://www.uiuc.edu/~ftobin/

"To learn what is good and what is to be valued,
those truths which cannot be shaken or changed." Myst: The Book of Atrus
Re: Exit status and failed decryption of session key
Frank Tobin <ftobin@uiuc.edu> writes:

> > Yes, but status-fd is remarkably terse when it's creating some OpenPGP
> > messages. May I assume that in this case, the exit status indicates
> > whether the operation was successful or not? I certainly do not want
> > to parse standard error output. :-/
>
> The question is what does "successful" mean? There can be warnings, total
> failure, partial success/failure, etc. Your wrapper really should try to
> do some processing and parse status-fd.

But there isn't anything to parse in this case!

deneb:~$ dd if=/dev/zero count=1 | gpg --batch --output=- --status-fd=2 --encrypt -r fw@deneb > /dev/null
1+0 records in
1+0 records out
deneb:~$ dd if=/dev/zero count=1 | gpg --batch --output=- --status-fd=2 --encrypt -r non-existing-id > /dev/null
1+0 records in
1+0 records out
gpg: non-existing-id: skipped: public key not found
gpg: [stdin]: encryption failed: public key not found
deneb:~$

I think 1.0.1e is a bit better (it indicates successful encryption, at
least).

--
Florian Weimer Florian.Weimer@RUS.Uni-Stuttgart.DE
University of Stuttgart http://cert.uni-stuttgart.de/
RUS-CERT +49-711-685-5973/fax +49-711-685-5898
http://ca.uni-stuttgart.de:11371/pks/lookup?op=get&search=0xC06EC3B5
Re: Exit status and failed decryption of session key
Florian Weimer, at 10:25 +0200 on 23 Apr 2000, wrote:

> deneb:~$ dd if=/dev/zero count=1 | gpg --batch --output=-
> --status-fd=2 --encrypt -r fw@deneb > /dev/null

In GnuPG you don't follow options with equals '='.

gpg --batch --status-fd 2 --encrypt -r fw@deneb

--
Frank Tobin http://www.uiuc.edu/~ftobin/

"To learn what is good and what is to be valued,
those truths which cannot be shaken or changed." Myst: The Book of Atrus
Re: Exit status and failed decryption of session key
Frank Tobin <ftobin@uiuc.edu> writes:

> In GnuPG you don't follow options with equals '='.

The GNU conventions require that "=" works, and GnuPG seems to follow
these conventions (see the arg_parse() function).

--
Florian Weimer Florian.Weimer@RUS.Uni-Stuttgart.DE
University of Stuttgart http://cert.uni-stuttgart.de/
RUS-CERT +49-711-685-5973/fax +49-711-685-5898
http://ca.uni-stuttgart.de:11371/pks/lookup?op=get&search=0xC06EC3B5
Re: Exit status and failed decryption of session key
On Fri, 21 Apr 2000, Florian Weimer wrote:

> If a message is encrypted to multiple subscribers, and secret keys
> are present for all subscribers, but not all secret keys can be
> decrypted (i.e. because of a missing or wrong passphrase), GnuPG 1.0.1
> exits with status 2 even if the message was successfully decrypted
> because a usable secret key was found in the end.
>
> Bug or feature? It's quite annoying if you want to find out whether
> decryption succeeded by looking at the exit status.

Still in 1.0.1e ?

--
Werner Koch OpenPGP key 621CC013
OpenIT GmbH tel +49 211 239577-0
Birkenstr. 12 email wk@openit.de
D-40233 Duesseldorf http://www.openit.de
Re: Exit status and failed decryption of session key
Werner Koch <wk@gnupg.org> writes:

> > Bug or feature? It's quite annoying if you want to find out whether
> > decryption succeeded by looking at the exit status.
>
> Still in 1.0.1e ?

Yes. mainproc.c, lines 1162, 1163 read:

    if( rc != G10ERR_NOT_PROCESSED )
        log_error(_("Can't check signature: %s\n"), g10_errstr(rc) );

log_error() increments the error count, and g10.c:g10_exit() does the
following:

    rc = rc? rc : log_get_errorcount(0)? 2 :
                  g10_errors_seen? 1 : 0;

I don't think this can be easily changed.

As a result, I ignore the exit status completely and rely solely on
the status fd output to decide whether decryption was successful or
not.

--
Florian Weimer Florian.Weimer@RUS.Uni-Stuttgart.DE
University of Stuttgart http://cert.uni-stuttgart.de/
RUS-CERT +49-711-685-5973/fax +49-711-685-5898
http://ca.uni-stuttgart.de:11371/pks/lookup?op=get&search=0xC06EC3B5
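As an added example (not code from this thread or from GnuPG itself), here is a small Python parser that applies the conclusion above: it decides the decryption outcome from the `[GNUPG:]` keywords written to --status-fd (DECRYPTION_OKAY, DECRYPTION_FAILED, BAD_PASSPHRASE, NO_SECKEY, as documented in GnuPG's DETAILS file) and ignores the exit status entirely. The status lines it is fed are constructed to match the multi-recipient scenario from the first post; the key IDs and the interleaved log line are made up.

```python
"""Decide a GnuPG decryption outcome from --status-fd records, not the exit code.

Feed it the lines written to the status fd (e.g. ``gpg --batch --status-fd 2
--decrypt`` with stderr captured). Log lines sharing that fd are skipped.
"""

STATUS_PREFIX = "[GNUPG:] "


def parse_status(lines):
    """Return (keyword, args) tuples for every ``[GNUPG:] KEYWORD args`` record."""
    events = []
    for line in lines:
        if not line.startswith(STATUS_PREFIX):
            continue  # human-readable logger output: deliberately not parsed
        fields = line[len(STATUS_PREFIX):].split()
        if fields:
            events.append((fields[0], fields[1:]))
    return events


def decryption_summary(lines):
    """'ok' only if DECRYPTION_OKAY was seen and DECRYPTION_FAILED was not.

    Anything else (no decisive record at all) is reported as failed, so a
    wrapper fails closed instead of trusting gpg's exit status of 0 or 2."""
    summary = {"verdict": "failed", "bad_passphrase": [], "no_seckey": []}
    seen_okay = seen_failed = False
    for keyword, args in parse_status(lines):
        if keyword == "DECRYPTION_OKAY":
            seen_okay = True
        elif keyword == "DECRYPTION_FAILED":
            seen_failed = True
        elif keyword == "BAD_PASSPHRASE" and args:
            summary["bad_passphrase"].append(args[0])  # long key ID
        elif keyword == "NO_SECKEY" and args:
            summary["no_seckey"].append(args[0])  # long key ID
    if seen_okay and not seen_failed:
        summary["verdict"] = "ok"
    return summary


# Constructed sample: encrypted to two keys, wrong passphrase for the first,
# the second works. GnuPG 1.0.1 would still exit with status 2 in this case.
SAMPLE_PARTIAL_FAILURE_THEN_OK = """\
[GNUPG:] ENC_TO 1111111111111111 1 0
[GNUPG:] ENC_TO 2222222222222222 1 0
[GNUPG:] NEED_PASSPHRASE 1111111111111111 1111111111111111 1 0
[GNUPG:] BAD_PASSPHRASE 1111111111111111
gpg: public key decryption failed: bad passphrase
[GNUPG:] NEED_PASSPHRASE 2222222222222222 2222222222222222 1 0
[GNUPG:] GOOD_PASSPHRASE
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_OKAY
[GNUPG:] END_DECRYPTION
""".splitlines()
```

Because status records and logger output share fd 2 in the invocations shown above, the parser keys only on the `[GNUPG:] ` prefix; in a real wrapper you can also hand gpg a dedicated pipe for --status-fd so the two streams never mix.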