How to verify that a signature is from a specific sender

Werner Koch
Tue Dec 18 09:16:02 2001

On Mon, 17 Dec 2001 18:49:31 +0100, Robert Dahlem said:

> How do I verify (or decrypt and verify) something so that I can be sure 
> the mail or file was signed exactly by sender X@Y.Z and noone else?

Because this is a common task, I wrote gpgv which is the signature
verification code of gpg without all the key validation stuff.  You
just pass a custom keyring with the valid signers to gpgv and use it
like gpg. If you have installed gpg try "man gpgv".

The other way is to grep for the status line.  I like to do this using


Werner Koch        Omnis enim res, quae dando non deficit, dum habetur
g10 Code GmbH      et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions                                        -- Augustinus