Incorrect(?) verification exit code for revoked certificates
Werner Koch
wk at gnupg.org
Sat Feb 25 13:04:53 CET 2012
On Fri, 24 Feb 2012 15:27, joanna at invisiblethingslab.com said:
> While it seems to me that an error exit code should be returned in this
> case. After all a "good" signature made with a compromised key, should
> not be considered as "good"...
That is a FAQ and the short answer is that you can't convey enough
information in an exit code. Thus GnuPG uses status messages
(--status-fd N) to tell you what is going on. A simple AWK script can
be used to parse them - or you use gpgme which does everything for you
and returns a set of flags describing the result (one of these flags is
a convenient red/green value).
In your case, you should not use gpg but gpgv. GPGV has been designed
for the purpose of automated signature verification and is what all
Linux distros use.
Salam-Shalom,
Werner
--
Thoughts are free. Exceptions are regulated by a federal law.
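
The status-line parsing described in the reply above, as an added example that is not part of the original post or of GnuPG: a shell function that uses AWK to reduce `--status-fd` output to one accept/reject result, treating REVKEYSIG (valid signature, revoked key) as a failure. The function name `sig_verdict`, the pinned fingerprint, the keyring path in the comment and the sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumed real-world use (keyring path is hypothetical):
#   gpgv --status-fd 1 --keyring ./trusted.gpg file.sig file 2>/dev/null | sig_verdict "$FPR"

# Reads GnuPG status lines on stdin; $1 is the expected primary key fingerprint.
# Prints ACCEPT or "REJECT <reason>" and returns 0 only for ACCEPT.
sig_verdict() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }            # ignore anything that is not a status line
        $2 == "GOODSIG"  { good++ }
        $2 == "VALIDSIG" {
            # Field 12 is the primary key fingerprint; older output may only have field 3.
            fpr = (NF >= 12) ? $12 : $3
            if (toupper(fpr) == toupper(want)) pinned++
        }
        # Signature checks out cryptographically but key or signature is not usable,
        # or the signature is bad or could not be checked at all.
        $2 == "REVKEYSIG" || $2 == "EXPKEYSIG" || $2 == "EXPSIG" ||
        $2 == "BADSIG"    || $2 == "ERRSIG" {
            if (reason == "") reason = $2    # remember the first failure seen
        }
        END {
            if (reason != "")   { print "REJECT " reason;         exit 1 }
            if (!good)          { print "REJECT NO_GOODSIG";      exit 1 }
            if (pinned != good) { print "REJECT UNEXPECTED_KEY";  exit 1 }
            print "ACCEPT"
        }'
}

# Constructed status output (not captured from a real run).
FPR=0123456789ABCDEF0123456789ABCDEF01234567
GOOD_RUN="[GNUPG:] GOODSIG 89ABCDEF01234567 Example Signer <signer@example.org>
[GNUPG:] VALIDSIG $FPR 2012-02-24 1330093620 0 4 0 1 2 00 $FPR"
REVOKED_RUN="[GNUPG:] REVKEYSIG 89ABCDEF01234567 Example Signer <signer@example.org>
[GNUPG:] VALIDSIG $FPR 2012-02-24 1330093620 0 4 0 1 2 00 $FPR"

printf '%s\n' "$GOOD_RUN"    | sig_verdict "$FPR"           # ACCEPT
printf '%s\n' "$REVOKED_RUN" | sig_verdict "$FPR" || true   # REJECT REVKEYSIG
```

A revoked key still produces a VALIDSIG line, which is why the function keys its decision on GOODSIG and the explicit failure keywords rather than on VALIDSIG alone.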