Verify succeeds with empty signature file?

Sean Reifschneider jafo at tummy.com
Tue Mar 23 18:04:51 CET 1999


Greetings.  I'm working with GPG 0.9.1, and have found that if you request
a signature verification but the .sig file is empty, GPG exits with a 0:

sylvia:updir$ : >foopkg.sig 
sylvia:updir$ gpg --no-greeting --no-default-keyring --keyring ../lib/distkeyring --verify "foopkg.sig" "foopkg.update"
gpg: key 570FC9AD: secret key without public key - skipped
gpg: key 35146005: secret key without public key - skipped
sylvia:updir$ echo $?
0

However, if you put any text in foopkg.sig, it exits with 2:

sylvia:updir$ echo ":" >foopkg.sig 
sylvia:updir$ gpg --no-greeting --no-default-keyring --keyring /home/jafo/projects/Firewall/update/lib/distkeyring --verify "foopkg.sig" "foopkg.update" 2>&1
gpg: key 570FC9AD: secret key without public key - skipped
gpg: key 35146005: secret key without public key - skipped
gpg: no valid OpenPGP data found.
sylvia:updir$ echo $?
2

I was working on a script which called GPG to verify that a signature was
valid before continuing.  So, I check for a 0 exit code *AND* that the
output generated by GPG includes "gpg: Good signature from".  However, it
would seem that returning non-zero in *ANY* case where a verify failed would
be the best plan as far as script-writers are concerned (or at least a note
in the man page that you should check for 0 and "Good" in the output).

Thanks,
Sean
-- 
 His thoughts tumbled in his head, making and breaking alliances like
 underpants in a dryer without Cling Free.
Sean Reifschneider, Inimitably Superfluous <jafo at tummy.com>
URL: <http://www.tummy.com/xvscan> HP-UX/Linux/FreeBSD/BSDOS scanning software.
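
The fail-closed check the message asks for, as an added example that is not part of the original post or of GnuPG itself: it rejects an empty .sig before calling gpg, then requires both a zero exit code and a VALIDSIG line on gpg's machine-readable status output instead of matching the human-readable "Good signature" text. The function names verify_detached and status_is_good are hypothetical, and the sketch assumes a GnuPG version that supports --status-fd.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): fail-closed detached-signature
# verification for scripts. Function names are hypothetical.

# Read gpg --status-fd output on stdin and decide whether it proves a valid
# signature: refuse on any failure keyword, then require VALIDSIG.
status_is_good() {
    local status
    status=$(cat)
    # Any of these means a signature was bad, unverifiable, expired or
    # revoked, or that the input held no OpenPGP data at all.
    if printf '%s\n' "$status" |
        grep -Eq '^\[GNUPG:\] (BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG|NODATA)( |$)'; then
        return 1
    fi
    # VALIDSIG is only emitted for a signature that verified cryptographically.
    printf '%s\n' "$status" | grep -Eq '^\[GNUPG:\] VALIDSIG( |$)'
}

# verify_detached KEYRING SIGFILE DATAFILE
# Returns 0 only when gpg exits 0 AND reports VALIDSIG; 2 for unusable input.
verify_detached() {
    local keyring="$1" sig="$2" data="$3" status
    # An empty or missing .sig must never count as "verified" (the case
    # reported in the message above).
    [ -s "$sig" ] || { echo "verify: empty or missing signature: $sig" >&2; return 2; }
    [ -f "$data" ] || { echo "verify: missing data file: $data" >&2; return 2; }
    # Status lines go to stdout (fd 1); human-readable chatter is discarded.
    status=$(gpg --batch --no-default-keyring --keyring "$keyring" \
                 --status-fd 1 --verify "$sig" "$data" 2>/dev/null) || return 1
    printf '%s\n' "$status" | status_is_good
}

# Usage in an update script:
#   verify_detached ../lib/distkeyring foopkg.sig foopkg.update || exit 1
```

Because only the keys in the given keyring can produce VALIDSIG here, the keyring itself is the trust decision and should contain nothing but the distribution keys.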