It seems to me that a plain -T $file should be sufficient to catch a rogue encrypted and/or compressed file that made it past the first process without triggering an error (although what happens if the file is Base64 or otherwise ASCII-armored?) - Yes that is exactly what I'm trying to guard against: sending the upstream program a file that somehow failed to get decrypted, decompressed or unzipped. The upstream process will do its own error checking is there is malformed content such as non-printable characters it will error out. So including any of that type of checking will be redundant. I'm not expecting any Base64 or ASCII armored input, but if somehow base64 or ASCII armored text is sent it I'll process it as valid ASCII text and the upstream program will reject based on the invalid content