checking signatures in shell scripts
David Shaw
dshaw@jabberwocky.com
Wed Aug 14 23:24:01 2002
On Wed, Aug 14, 2002 at 04:35:59PM -0400, Joseph Shraibman wrote:
> OK I'm writing a shell script using --status-fd. I'm getting the line:
> [GNUPG:] GOODSIG 7601B0BFBEF180FD Joseph Shraibman <joseph@xtenit.com>
>
> gpg --list-keys gives me:
> pub 1024D/BEF180FD 2002-08-14 Joseph Shraibman <joseph@xtenit.com>
> sub 2048g/1C77F7D2 2002-08-14
>
> So how, in general, can I match up the GOODSIG to a particular key? I can
> use VALIDSIG because it gives the fingerprint but fingerprints are longer
> and unwieldy to pass around (and I have to take out the spaces before
> comparing).
GOODSIG gives you the full 64-bit keyid. --list-keys gives you only
the lower 32 bits. Notice that the the last 8 letters in the GOODSIG
id match the keyid in the --list-keys listing.
Still, fingerprint is the most accurate match.
David
--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson