Incorrect(?) verification exit code for revoked certificates

Werner Koch wk at
Sat Feb 25 13:04:53 CET 2012

On Fri, 24 Feb 2012 15:27, joanna at said:

> While it seems to me that an error exit code should be returned in this
> case. After all a "good" signature made with a compromised key, should
> not be considered as "good"...

That is a FAQ and the short answer is that you can't convey enough
information in an exit code.  Thus GnuPG uses status messages
(--status-fd N) to tell you what is going on.  A simple AWK script can
be used to parse them - or you use gpgme which does everything for you
and returns a set of flags describing the result (one of these flags is
a convenient red/green value).

In your case, you should not use gpg but gpgv.  GPGV has been designed
for the purpose of automated signature verification and is what all
Linux distros use.



Thoughts are free.  Exceptions are regulated by a federal law.
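
Added example, not part of the original message or of GnuPG: a status-line parser of the kind the reply describes, an AWK script wrapped in a shell function that reduces `--status-fd` output to one verdict and a pass/fail exit status. The function and verdict names are assumptions, and the sample status lines (key ID, fingerprint, user ID) are constructed.

```shell
#!/bin/sh
# Added example: read GnuPG status lines on stdin, print one verdict word.
# Exit status is 0 only for "good". Intended use (file names hypothetical):
#   gpg --batch --status-fd 1 --verify file.sig file 2>/dev/null | sig_verdict
sig_verdict() {
    awk '
        function flag(v) { if (bad == "") bad = v }   # keep the first failure seen
        $1 != "[GNUPG:]"  { next }                    # skip non-status lines
        $2 == "GOODSIG"   { good++ }
        $2 == "VALIDSIG"  { valid++ }
        $2 == "REVKEYSIG" { flag("revoked-key") }     # good signature, revoked key
        $2 == "EXPKEYSIG" { flag("expired-key") }
        $2 == "EXPSIG"    { flag("expired-signature") }
        $2 == "BADSIG"    { flag("bad-signature") }
        $2 == "ERRSIG"    { flag("unverifiable") }
        END {
            if (bad != "") { print bad; exit 1 }
            if (good > 0 && valid == good) { print "good"; exit 0 }
            print "no-good-signature"; exit 1
        }
    '
}

# Constructed status output: the signature verifies, but the key is revoked.
sample_revoked() {
    cat <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] REVKEYSIG 6666777788889999 Example Signer <signer@example.org>
[GNUPG:] VALIDSIG 0000111122223333444455556666777788889999 2012-02-24 1330093620 0 4 0 1 2 00 0000111122223333444455556666777788889999
EOF
}

# Constructed status output: good signature from a usable key.
sample_good() {
    cat <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 6666777788889999 Example Signer <signer@example.org>
[GNUPG:] VALIDSIG 0000111122223333444455556666777788889999 2012-02-24 1330093620 0 4 0 1 2 00 0000111122223333444455556666777788889999
EOF
}

for s in sample_good sample_revoked; do
    printf '%s: ' "$s"
    "$s" | sig_verdict || true
done
```

Any failure keyword overrides a later VALIDSIG, so the revoked-key case is rejected even though the signature itself checks out.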
