Return codes of unsuccessful gpg --verify
Jody McIntyre
jodym@oeone.com
Sat Aug 18 22:04:01 2001
--O5XBE6gyVG5Rl6Rj
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
I am using gpg to verify a signed XML file from a Perl script. I have been
relying on the return code to inform me if verification has been successful.
However, when the data is simply stored, not signed, verification returns 0
despite nothing being verified:
[jodym@jodym1 bla]$ gpg --store Packages.xml
[jodym@jodym1 bla]$ gpg --verify Packages.xml.gpg=20
[jodym@jodym1 bla]$ echo $?
0
Compare this to the behaviour for a BAD signature:
[jodym@jodym1 bla]$ gpg --sign Packages.xml
You need a passphrase to unlock the secret key for
user: "Jody McIntyre <jodym@oeone.com>"
1024-bit DSA key, ID E2B11082, created 2000-11-27
[jodym@jodym1 bla]$ vi Packages.xml.gpg # Corrupt the file =20
[jodym@jodym1 bla]$ gpg --verify Packages.xml.gpg
gpg: Signature made Sat 18 Aug 2001 03:32:24 PM EDT using DSA key ID E2B110=
82
gpg: BAD signature from "Jody McIntyre <jodym@oeone.com>"
[jodym@jodym1 bla]$ echo $?
1
Is there any reliable way to determine if a package could be verified? Do
I need to look for "Good signature" in gpg's output?
Thanks,
Jody
--=20
Jody McIntyre, jodym@oeone.com - OEone Corporation, Hull, Quebec, Canada
--O5XBE6gyVG5Rl6Rj
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAjt+ydoACgkQ8Lxwe+KxEIKHoQCgr1WbtS5Xv9THyvzGnBL7lGE6
VVQAmwZzffJM56pzUu+j/0u7Fa//qFsQ
=Me+H
-----END PGP SIGNATURE-----
--O5XBE6gyVG5Rl6Rj--