checking signatures in shell scripts

David Shaw
Wed Aug 14 23:24:01 2002

On Wed, Aug 14, 2002 at 04:35:59PM -0400, Joseph Shraibman wrote:
> OK I'm writing a shell script using --status-fd. I'm getting the line:
> [GNUPG:] GOODSIG 7601B0BFBEF180FD Joseph Shraibman <>
> gpg --list-keys gives me:
> pub  1024D/BEF180FD 2002-08-14 Joseph Shraibman <>
> sub  2048g/1C77F7D2 2002-08-14
> So how, in general, can I match up the GOODSIG to a particular key?  I can 
> use VALIDSIG because it gives the fingerprint but fingerprints are longer 
> and unwieldy to pass around (and I have to take out the spaces before 
> comparing).

GOODSIG gives you the full 64-bit keyid.  --list-keys gives you only
the lower 32 bits.  Notice that the the last 8 letters in the GOODSIG
id match the keyid in the --list-keys listing.

Still, fingerprint is the most accurate match.


   David Shaw  |  |  WWW
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson