Q: how to verify signature
Thu, 30 Nov 2000 17:16:18 +0100
I'm having a problem.
What I want:
I have a big absolute tar-archive (several to 500 MB) that should go to
several people, who should get that into their machine without much
interaction. So they get a shell script, which verifies the signing, and if
it's from me, untar it.
Should be verifyable from me, and readable only by them.
Distributed per CD or network, should be fast to be unpacked, MUST go without
temporary files of the archive. (space in /tmp <32MB).
So signed by me, crypted for them.
> gpg -o Outputfile -se -r One -r Two -r Three Inputfile
makes the outputfile.
I want to write a shellscript to unpack that.
If it does
gpg -d -o - Outputfile | tar -xvf -
it gets the information "Good signature from xxx" AFTER it has been unpacked!
But if I do
gpg -o - -e -r One -r Two -r Three Inputfile | gpg -s > Outputfile
gpg --verify Outputfile | grep 'Good signature from "xxx"' || exit
gpg -o - d Outputfile | tar -xvf -
it doesn't work.
(BTW, if I want to do that via ssh-piping the datafile I'd have to send it
How can I test the signature of a file without having to read it twice??
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to firstname.lastname@example.org