Video Screencast Help
Give us your opinion and win with Symantec! Please help us by taking this survey to tell us about your experience with Symantec Connect, so that we can continue to grow and improve.  Take the survey.

Can I create separate signed and encrypted PGP files?

Created: 28 Jan 2013 | 5 comments

Hello all,

Here's the situation I have. I have external parties who are supposed to PGP sign/encrypt files sent to us. When we receive the signed/encrypted files, we will perform the signature verify checks, and if ok, save the file for processing. We are also required to save JUST the signed copy of the file.

To allow the above, I could only think of at the sending end, the following steps:

1) pgp --sign file --signer A --passphrase **** --output file.signed

2) pgp --encrypt file.signed -r B --output file.signed.enc

On the receiver end:

3) pgp --decrypt file.signed.enc --passphrase **** --output Receive_file.signed

4) pgp --verify Receive_file.signed

But the problem is, step (4) does not allow me to output the file. It just tells me the suggested output file name is ...

Is there a way to make step (4) output the original file contents if the signature is good?


Comments 5 CommentsJump to latest comment

Alex_CST's picture

Ah this was similar to your other post that describes the issue in more detail.

What about moving the file somewhere or renaming?

if [ "pgp --verify Recieve_file.signed | grep -i "3035:good signature"" ]
mv Recieve_file.signed /tmp/Receive_file.verified
Something like that?
Please mark posts as solutions if they solve your problem!

passivity's picture

Hello Alex,

Thanks for replying.

In your approach, the Receive_file.signed or Receive_file.verified would be the original file contents with an embedded signature. How can I extract the original contents from a signed file?

Alex_CST's picture

So you want to be able to remove all the PGP bits so the original email contents remain is that right?  Or am I way off

Please mark posts as solutions if they solve your problem!

passivity's picture

Yes, Alex. I want to be able to extract the original contents after the signature is successfully verified.

Based on the workflow I described, the output of the decryption would be the signed original file. But I was not able to extract the original contents from this file.

Our intention is to keep a copy of the signed file for future verification. If we keep the signed/encrypted file, then we may have to archive the PGP private key in the event we need to decrypt on a future date when the private key has been renewed.

Alex_CST's picture

Like the other post with a similar scenario, you can use --decrypt to extract the file content.  This is purely for archival purposes of other people searching the Symantec forums :)

Please mark posts as solutions if they solve your problem!