Is there built-in a way validate a signature against a specific key?

Werner Koch wk at gnupg.org
Wed Apr 24 11:14:06 CEST 2024


On Tue, 23 Apr 2024 21:39, Eric Pruitt said:
> I have multiple public keys in my GPG keyring. When validating
> signatures, I sometimes want to validate them against a specific key so

The classic tool for this is gpgv with its --keyring option.  This is
what for example Debian uses to validate signatures.

A newer way is the --assert-signer option we introduced with version
2.4.1:

     --assert-signer fpr_or_file
     
              This option checks whether at least one valid signature on
              a file has been made with the specified key.  The key is
              either specified as a fingerprint or a file listing
              fingerprints.  The fingerprint must be given or listed in
              compact format (no colons or spaces in between).  This
              option can be given multiple times and each fingerprint is
              checked against the signing key as well as the
              corresponding primary key.  If fpr_or_file specifies a
              file, empty lines are ignored as well as all lines
              starting with a hash sign.  With this option gpg is
              guaranteed to return with an exit code of 0 if and only if
              a signature has been encountered, is valid, and the key
              matches one of the fingerprints given by this option.


Shalom-Salam,

   Werner

-- 
The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein
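
The two approaches from the reply above, combined into one wrapper. This is an added example, not part of the original message and not GnuPG project code. The function names (`compact_fpr`, `version_ge`, `verify_signed_by`) and the temporary keyring file name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pin signature verification to one key chosen by the caller.

# Reduce a fingerprint as gpg prints it (spaces, colons, any case) to the
# compact form --assert-signer expects. Only full 40- or 64-hex-digit
# fingerprints pass; short or long key IDs are rejected.
compact_fpr() {
    fpr=$(printf '%s' "$1" | tr -d ' :\t' | tr 'a-f' 'A-F')
    case "$fpr" in
        '' | *[!0-9A-F]*) return 1 ;;
    esac
    case "${#fpr}" in
        40 | 64) printf '%s\n' "$fpr" ;;
        *) return 1 ;;
    esac
}

# version_ge HAVE WANT: true if dotted version HAVE is at least WANT.
version_ge() {
    awk -v have="$1" -v want="$2" 'BEGIN {
        split(have, h, "."); split(want, w, ".")
        for (i = 1; i <= 3; i++) {
            if (h[i] + 0 > w[i] + 0) exit 0
            if (h[i] + 0 < w[i] + 0) exit 1
        }
        exit 0
    }'
}

# verify_signed_by FINGERPRINT SIGFILE [DATAFILE]
# Exit status 0 only if a valid signature by the pinned key was found.
verify_signed_by() {
    pinned=$(compact_fpr "$1") || { echo "not a full fingerprint: $1" >&2; return 2; }
    shift
    have=$(gpg --version | awk 'NR == 1 { print $NF }')
    if version_ge "$have" 2.4.1; then
        gpg --verify --assert-signer "$pinned" "$@"
    else
        # Older gpg: export only the pinned key and let gpgv check against it.
        tmp=$(mktemp -d) || return 2
        gpg --export "$pinned" > "$tmp/pinned.gpg" && gpgv --keyring "$tmp/pinned.gpg" "$@"
        rc=$?
        rm -rf "$tmp"
        return "$rc"
    fi
}
```
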