GpgSM: Verification of detached signature via pipe fails
Open, Needs TriagePublic

Assigned To
None
Authored By
timegrid
Tue, Jul 14, 2:41 PM

Description

Since at least gpg4win-5.0.2 piping into gpgsm for verification of detached signatures fails, e.g. tested on gpg4win-5.1.0-beta658 @ win11:

c:\Users\g10>type smime.signed-only.txt | gpgsm -v --debug-all --status-fd=2 --verify smime.signed-only.txt.p7s -
gpgsm: reading options from '[cmdline]'
gpgsm: reading options from 'C:/Users/g10/AppData/Roaming/gnupg/common.conf'
gpgsm: enabled debug flags: x509 mpi crypto memory cache memstat hashing ipc clock lookup
gpgsm: enabled compatibility flags:
gpgsm: can't open '-': No such file or directory
[GNUPG:] FAILURE gpgsm-exit 50331649
gpgsm: cert_chain_cache: cached=0
gpgsm: random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
              outmix=0 getlvl1=0/0 getlvl2=0/0
gpgsm: rndjent stat: collector=0x0000000000000000 calls=0 bytes=0
gpgsm: secmem usage: 0/16384 bytes in 0 blocks

This used to work in e.g. vsd-3.3.7 / gpgsm 2.2.54, and also in the gpgsm 2.4.9 provided by git for windows:

c:\Users\g10>type smime.signed-only.txt | gpgsm -v --status-fd=2 --verify smime.signed-only.txt.p7s -
gpgsm: enabled compatibility flags: de-vs-trustlist
gpgsm: detached signature
[GNUPG:] NEWSIG
gpgsm: Signature made 2026-07-06 13:16:47 UTC
gpgsm:                using rsa3072 key 7C6A4442C88AA009D1B82BD267F99891C2311DD2
gpgsm: algorithm: RSA + SHA256
gpgsm: certificate is good
gpgsm: validation model used: shell
[GNUPG:] VERIFICATION_COMPLIANCE_MODE 23
[GNUPG:] GOODSIG 7C6A4442C88AA009D1B82BD267F99891C2311DD2 /CN=Test Tester/OU=demo/O=g10 Code GmbH/C=DE
[GNUPG:] VALIDSIG 7C6A4442C88AA009D1B82BD267F99891C2311DD2 2026-07-06 20260706T131647 20630405T170000 0 0 1 8 00
gpgsm: Good signature from "/CN=Test Tester/OU=demo/O=g10 Code GmbH/C=DE"
gpgsm:                 aka "ted.tester@demo.gnupg.com"
[GNUPG:] TRUST_FULLY 0 shell

Piping of embedded signatures (without -) still works on gpg4win-5.1.0-beta658 @ win11:

C:\Users\g10>echo test | gpgsm --sign --local-user Ted | gpgsm --verify
[...]
gpgsm: Good signature from "/CN=Test Tester/OU=demo/O=g10 Code GmbH/C=DE"
gpgsm:                 aka "ted.tester@demo.gnupg.com"

Details

Event Timeline

timegrid created this object with edit policy "Contributor (Project)".