What does gpg error code 2 (GPG_ERR_UNKNOWN_PACKET) mean?

exit-status gpg

I am tasked to explain the variation of gpg errors that happened in one of my batch scripts. Currently, when I perform gpg decrypt for a specified file, it returns 2. The problem with this is that when I search the form, it shows that the file has been decrypted properly, but the error code is causing the script to stop because it only assumed that 0 is the only success value.

    gpg -o XXX --decrypt XXX.gpg
    RETVAL=$?
    # Stop the script on any non-zero gpg exit status
    if [ "$RETVAL" -ne 0 ]; then
        exit 1
    fi

I searched the net and found the header list for gpg. It defines error 2 as Unknown Packet.

http://www.gnu-darwin.org/www001/src/ports/security/libgpg-error/work/libgpg-error-1.5/src/err-codes.h.in

The normal error text being displayed is [gpg: [don't know]: invalid packet (ctb=14)].
What exactly does the unknown packet mean? I am trying to search for any documents on understanding the error codes. After showing all the verbose information using the [-vv] option, I compared the resulting gpg file decryption with a file that returns 0 code.
The only thing I noticed is that the byte of the key is different.

The decryption of the gpg that is error free has the following log:

:pubkey enc packet: version 3, algo 16, keyid <16-hexdigit>
    data    1023 bits
    data    1024 bits

The decryption of the gpg causing the error has the following log:

:pubkey enc packet: version 3, algo 16, keyid <16-hexdigit>
    data    1022 bits
    data    1022 bits

What does this mean? Why can it still be decrypted properly even if the key bit is not the same? Note that the key-id and passphrase used to decrypt the two files are the same. Also, does anyone know any detailed resource explaining the errors of gpg?

Best Answer

Largely used GPG codes are of three types:

  1. 0 is success (all other values indicate a failure).
  2. 2 is usually used for unexpected errors.
  3. 1 for things like a BAD signature.

The proper way to identify an error is by interpreting the output of --status-fd.

Now for the particular question that you are using, there might be two reasons:

  1. GPG is asking whether you want to continue on with the encryption using an unsigned key. Since no user can input Y it produces an error.

     To fix this provide the following switches:

         --yes and --always-trust

  2. It may also be a permission problem. gpg is trying to access a directory that it can't have access to, so it fails with a fatal error. (error code 2)

You can fix that by specifying a homedir directive with a directory writable by gpg. Like this:

   $cmd = "/usr/bin/gpg -a --recipient $to -e -o $outfile $infile --homedir /path/to/dir";

Information from man gpg:

   --homedir directory
   Set the name of the home directory to directory

   If this option is not used it defaults to "~/.gnupg". It does not make sense to use this in a options file. This also overrides the environment variable $GNUPGHOME.

You can also use this link to know more about this one.
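The answer's point about `--status-fd`, as an added example that is not part of the original thread: it classifies a decrypt by gpg's status lines together with the exit code, so a batch job can tell "plaintext produced but gpg complained" apart from a real failure. The function names, verdict labels and the sample key ID are assumptions; the status keywords are the ones documented in GnuPG's doc/DETAILS.

```shell
#!/bin/sh
# Added example, not from the thread. Status keywords are those documented
# in GnuPG's doc/DETAILS; function names and verdict labels are hypothetical.

# Constructed sample of a --status-fd stream (the key ID is made up).
SAMPLE_STATUS='[GNUPG:] ENC_TO 0123456789ABCDEF 16 0
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_OKAY
[GNUPG:] GOODMDC
[GNUPG:] END_DECRYPTION'

# gpg_status_verdict RC   (status lines on stdin) prints one of:
#   ok       DECRYPTION_OKAY seen, exit code 0, no problem line
#   partial  DECRYPTION_OKAY seen, but non-zero exit or ERROR/FAILURE/NODATA
#   failed   no DECRYPTION_OKAY, or DECRYPTION_FAILED/BADMDC seen
gpg_status_verdict() {
    okay=0 failed=0 problem=0
    if [ "$1" -ne 0 ]; then problem=1; fi
    while IFS= read -r line; do
        case $line in
            "[GNUPG:] DECRYPTION_OKAY"*) okay=1 ;;
            "[GNUPG:] DECRYPTION_FAILED"*|"[GNUPG:] BADMDC"*) failed=1 ;;
            "[GNUPG:] ERROR "*|"[GNUPG:] FAILURE "*|"[GNUPG:] NODATA "*) problem=1 ;;
        esac
    done
    if [ "$failed" -eq 1 ] || [ "$okay" -eq 0 ]; then echo failed
    elif [ "$problem" -eq 1 ]; then echo partial
    else echo ok
    fi
}

# Hypothetical wrapper for the decrypt step in the question.
# Returns 0 = ok, 2 = plaintext written but needs review, 1 = failed.
decrypt_checked() {   # usage: decrypt_checked IN.gpg OUT
    st=$(mktemp) || return 1
    rc=0
    gpg --batch --status-fd 3 -o "$2" --decrypt "$1" 3>"$st" || rc=$?
    verdict=$(gpg_status_verdict "$rc" <"$st")
    rm -f "$st"
    echo "gpg exit=$rc verdict=$verdict" >&2
    case $verdict in
        ok)      return 0 ;;
        partial) return 2 ;;
        *)       rm -f "$2"; return 1 ;;   # do not keep output of a failed decrypt
    esac
}

# Demo: the constructed sample combined with the exit code from the question.
printf '%s\n' "$SAMPLE_STATUS" | gpg_status_verdict 2   # prints: partial
```

A `partial` verdict is where a run would land if gpg reports DECRYPTION_OKAY yet exits with 2; route that to review and logging instead of treating either signal alone as final.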
