@adrelanos
Last active August 29, 2015 14:13
clearsign failed intuition demo
#!/bin/bash
set -x
set -e
true "Clean up eventual previous run."
rm -f clearsign_decrypt_demo_test_file.txt.asc
rm -f clearsign_decrypt_demo_test_file.txt
true "Creating test file..."
echo "test" > clearsign_decrypt_demo_test_file.txt
true "Let's clearsign it."
gpg --clearsign clearsign_decrypt_demo_test_file.txt
true "--verify will work as expected."
gpg --verify clearsign_decrypt_demo_test_file.txt.asc
true "So does --decrypt."
gpg --decrypt clearsign_decrypt_demo_test_file.txt.asc
true "Let's append some extraneous, potentially malicious text."
echo "Extraneous appended content here." >> clearsign_decrypt_demo_test_file.txt.asc
true "Let's prepend some extraneous, potentially malicious text."
sed -i.old '1s;^;Extraneous prepended content here.\n;' clearsign_decrypt_demo_test_file.txt.asc
true "--verify will still work, even if you expect it should fail!"
gpg --verify clearsign_decrypt_demo_test_file.txt.asc
true "However, --decrypt will at least only show the clear signed text."
gpg --decrypt clearsign_decrypt_demo_test_file.txt.asc
@adrelanos
Author

Example output.

~ $ ./clearsign_decrypt_demo 
+ set -e
+ true 'Clean up eventual previous run.'
+ rm -f clearsign_decrypt_demo_test_file.txt.asc
+ rm -f clearsign_decrypt_demo_test_file.txt
+ true 'Creating test file...'
+ echo test
+ true 'Let'\''s clearsign it.'
+ gpg --clearsign clearsign_decrypt_demo_test_file.txt

You need a passphrase to unlock the secret key for
user: "Patrick Schleizer <adrelanos@riseup.net>"
4096-bit RSA key, ID 77BB3C48, created 2014-01-16 (main key ID 2EEACCDA)

+ true '--verify will work as expected.'
+ gpg --verify clearsign_decrypt_demo_test_file.txt.asc
gpg: Signature made Sun 11 Jan 2015 09:17:48 PM UTC using RSA key ID 77BB3C48
gpg: Good signature from "Patrick Schleizer <adrelanos@riseup.net>" [ultimate]
+ true 'So does --decrypt.'
+ gpg --decrypt clearsign_decrypt_demo_test_file.txt.asc
test
gpg: Signature made Sun 11 Jan 2015 09:17:48 PM UTC using RSA key ID 77BB3C48
gpg: Good signature from "Patrick Schleizer <adrelanos@riseup.net>" [ultimate]
+ true 'Let'\''s append some extraneous, potentially malicious text.'
+ echo 'Extraneous appended content here.'
+ true 'Let'\''s prepend some extraneous, potentially malicious text.'
+ sed -i.old '1s;^;Extraneous prepended content here.\n;' clearsign_decrypt_demo_test_file.txt.asc
+ true '--verify will still work, even if you expect it should fail!'
+ gpg --verify clearsign_decrypt_demo_test_file.txt.asc
gpg: Signature made Sun 11 Jan 2015 09:17:48 PM UTC using RSA key ID 77BB3C48
gpg: Good signature from "Patrick Schleizer <adrelanos@riseup.net>" [ultimate]
+ true 'However, --decrypt will at least only show the clear signed text.'
+ gpg --decrypt clearsign_decrypt_demo_test_file.txt.asc
test
gpg: Signature made Sun 11 Jan 2015 09:17:48 PM UTC using RSA key ID 77BB3C48
gpg: Good signature from "Patrick Schleizer <adrelanos@riseup.net>" [ultimate]
~ $
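
Since `--verify` reports a good signature even when text sits outside the signed block, anything that reads the `.asc` file directly can be handed unsigned content. The script below is an added example, not part of the original gist: a framing check that flags a clearsigned file with non-blank lines before or after the block. The function names are hypothetical and the sample file is constructed, with a placeholder in place of a real signature.

```bash
#!/bin/bash
# Added example, not part of the original gist. Function names are hypothetical.
# check_clearsign_framing FILE returns
#   0: exactly one clearsigned block and nothing else
#   1: non-blank lines outside the block, or more than one block
#   2: no complete clearsigned block
# It checks framing only; gpg still has to verify the signature itself.
check_clearsign_framing() {
  awk '
    BEGIN { state = 0; blocks = 0; stray = 0 }
    { sub(/\r$/, "") }
    (state == 0 || state == 3) && $0 == "-----BEGIN PGP SIGNED MESSAGE-----" { state = 1; blocks++; next }
    state == 1 && $0 == "-----BEGIN PGP SIGNATURE-----" { state = 2; next }
    state == 2 && $0 == "-----END PGP SIGNATURE-----"   { state = 3; next }
    (state == 0 || state == 3) && $0 !~ /^[ \t]*$/ {
      stray++; print "line " NR " is outside the signed block: " $0 | "cat 1>&2"
    }
    END { if (blocks == 0 || state != 3) exit 2; exit (stray > 0 || blocks > 1) }
  ' "$1"
}

# Constructed sample: clearsign framing with a placeholder where the base64
# signature would be (not a real signature; gpg would reject it).
write_constructed_sample() {
  printf '%s\n' \
    '-----BEGIN PGP SIGNED MESSAGE-----' 'Hash: SHA256' '' 'test' \
    '-----BEGIN PGP SIGNATURE-----' '' 'PLACEHOLDER-NOT-A-REAL-SIGNATURE' \
    '-----END PGP SIGNATURE-----' > "$1"
}

# The same two modifications the gist makes: prepend a line, append a line.
write_constructed_tampered() {
  write_constructed_sample "$1.orig"
  { echo 'Extraneous prepended content here.'; cat "$1.orig"
    echo 'Extraneous appended content here.'; } > "$1"
  rm -f "$1.orig"
}

demo() (
  dir=$(mktemp -d)
  write_constructed_sample "$dir/clean.asc"
  write_constructed_tampered "$dir/tampered.asc"
  for f in clean tampered; do
    rc=0; check_clearsign_framing "$dir/$f.asc" || rc=$?
    echo "$f.asc: framing check returned $rc"
  done
  rm -rf "$dir"
)
demo
```

Where the signed text is what matters, work from the output of `gpg --decrypt`, which in the run above prints only the clear-signed text, rather than from the `.asc` file.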
