
I am working on a tool that sends out automated reports to our clients. This specific client wants the file to be encrypted and then signed. I have tried several different methods, with hours of searching, and have not had much luck. I know GPG signs then encrypts, but does anyone know if it is possible to swap the order? And if not, does anyone know of any command-line alternatives that can be run in a Linux container?

Example:

```
gpg --always-trust --batch --yes -s -u 'signee@email.com' -r 'receiver@email.com' -o 'test.txt.pgp' -e 'test.txt'
```

On verify:

```
gpg: verify signatures failed: Unexpected error
```

Ryan

2 Answers

GPG doesn't seem to allow this in a single pass. You have two options:

  • Use detached signing; then you'll need to send two files: one with the encrypted data and a second with the signature.
  • Encrypt the data in the first pass and then sign it in the second. However, that would also need two steps on the receiving side: first verify signatures/unwrap data, then decrypt it.

Also, it could be useful to ask the client what exact format he expects to receive. Just an example of `gpg --list-packets report-file` should be helpful.

Nickolay Olshevsky
  • You can do this by piping `gpg -e ... output` or similar. It is still actually doing two passes, but you don't have to manage the intermediate file. – dave_thompson_085 Mar 22 '23 at 11:36
  • That would produce a two-layered OpenPGP message, which would require two invocations of GnuPG to verify and then decrypt the data. – Nickolay Olshevsky Mar 22 '23 at 19:46
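
The detached-signature option from the answer above, as an added example that is not part of the original posts: the file is encrypted first, the ciphertext is signed into a separate `.sig` file, and the receiving side verifies before it decrypts. It assumes GnuPG 2.1 or later; the function names, the `example.com` addresses, the file names and the single throwaway keyring holding both keys are constructed for the demo.

```shell
#!/bin/sh
# Encrypt first, then sign the ciphertext with a detached signature.
# Key names, addresses and file names below are constructed for the demo.

# args: signer recipient infile -> writes infile.pgp and infile.pgp.sig
encrypt_then_sign() {
    gpg --batch --yes --always-trust -r "$2" -o "$3.pgp" -e "$3" &&
    gpg --batch --yes -u "$1" -o "$3.pgp.sig" --detach-sign "$3.pgp"
}

# args: ciphertext outfile -> decrypts only if the signature verifies
verify_then_decrypt() {
    gpg --batch --verify "$1.sig" "$1" 2>/dev/null || return 1
    gpg --batch --yes -o "$2" -d "$1" 2>/dev/null
}

# Round trip in a throwaway keyring; returns 0 when every check passes.
demo() (
    GNUPGHOME=$(mktemp -d) || exit 1
    export GNUPGHOME
    trap 'gpgconf --kill gpg-agent; rm -rf "$GNUPGHOME"' EXIT
    cd "$GNUPGHOME" || exit 1
    for uid in signee@example.com receiver@example.com; do
        gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
            --quick-generate-key "$uid" default default never || exit 1
    done
    echo 'constructed report body' > test.txt
    encrypt_then_sign signee@example.com receiver@example.com test.txt || exit 1
    verify_then_decrypt test.txt.pgp out.txt && cmp -s test.txt out.txt || exit 2
    # Tamper with the ciphertext: verification must fail and nothing is decrypted.
    echo x >> test.txt.pgp
    verify_then_decrypt test.txt.pgp out2.txt && exit 3
    [ ! -e out2.txt ]
)
```

Source the file and call `demo` to run the round trip; in production the sender holds only the signing secret key and the recipient's public key, and the receiver the reverse.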

I believe this is what you are looking for:

```
gpg --sign --encrypt --recipient recipient@domain.com --output encrypted-output.pgp inputfile
```
  • That does sign first THEN encrypt, exactly what the Q says is not wanted. – dave_thompson_085 Mar 22 '23 at 11:34