Check encrypted file for empty content

I'm using gpg to decrypt files sent to me by a vendor. Everything works fine accept for when the content of the encrypted file is empty (the vendor has told me that开发者_运维问答 there is no content in the files in question).

If I try and decrypt one of these files I get:

gpg: can't handle this ambiguous signature data

Is there any way to check that the file has no content accept for the header, so that I can set it up to fail more elegantly?

According to this mailing-list post, the official PGP tool has a bug that sometimes causes it to produce malformed messages. You can verify whether this is the case for your particular file by running gpg --list-packets path/to/encrypted/file.pgp and looking at the output. If you see a :onepass_sig packet: followed immediately by a :signature packet: then that's probably what's going on.

In my (limited) experience, this occurs if the sender has tried to encrypt an empty file. Unfortunately, since encryption is designed to make it difficult to see what's inside, it's hard to tell if that's actually the case before you try to decrypt it. gpg's --list-packets output will give you some information, but I've noticed that the :literal data packet: output will usually say "raw data: 0 bytes" even if the message contains a non-empty file.

You can make gpg ignore all signature data in the encrypted file with the --skip-verify option, but then of course you can't tell whether the file you're decrypting comes from a trusted source.

Assuming you are using a unix shell script, you could first do a '[ -s /the/file ]' before attempting the GPG decrypt.