[claus.fischer@clausfischer.com: gpgv documentation shortcomings]

Claus Fischer claus.fischer@clausfischer.com
Fri, 27 Oct 2000 17:49:43 -0700

I would like a procmail script that is able to verify signatures
and pass on the signed parts for automatic execution.

I assume that gpgv is designed for that job, but the
documentation is somewhat terse. The manpage should
answer the following questions:

If I have a message with unsigned parts, what happens to them?
If I have a message which is wholly unsigned, what happens to it?
How is it possible to pass on a message only if it is fully signed?
How is it possible to pass on only the signed parts of an otherwise
larger message?

In other words, there are several models for the job I want to do:
1  Filter out the signed parts of the message
2  Pass on the whole message if it's signed otherwise not
3  If a signed message contains badsigned parts, pass them on
4  If a signed message contains badsigned parts, filter them out

Personally I think model 2 makes most sense; also, model 1 plus 3
makes sense to work on; but when picking a model one needs the
information above to understand exactly what gpgv is doing
(rather than finding that out from experiments).

If anyone knows the answers to those questions, I would appreciate
it. Perhaps the gpgv man page could also be extended.


P.S.   `signed' here means signed with a key found in the trusted
P.P.S.  Please pass on this message if someone else does the

Claus Fischer <claus.fischer@clausfischer.com>

----- End forwarded message -----

Claus Fischer <claus.fischer@clausfischer.com>

Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of  "unsubscribe"  to gnupg-users-request@gnupg.org