1.4.0: Howto verify a signed file quickly - without any --homedir...

Peter Valdemar Mørch swp5jhu02 at sneakemail.com
Tue Feb 8 10:58:08 CET 2005

Hi there,

My task: I have a public keyring and a signed file. I need to test
whether they verify from a script.

I don't want to use the current user's trust, keyrings or anything. In
fact, the user's home directory may not even be writable by the user.

In gnupg 1.2.5, this worked:

# gpg --always-trust --secret-keyring /dev/null --no-default-keyring
--keyring /my/key.ring --verify /some/file
gpg: Signature made Mon 19 Apr 2004 13:29:53 CEST using DSA key ID 53776FD8
gpg: Good signature from "Somebody <some at where.dk>"
gpg: WARNING: Using untrusted key!

However, in 1.4.0, this gives the following error:

gpg: fatal: can't create directory `/home/user/.gnupg': Permission denied

OK, so I can always do e.g.:
# mkdir /tmp/bogus
# gpg --homedir /tmp/bogus ...
# rm -rf /tmp/bogus

But then I'm spending time creating the bogus directory, initializing a
trust database, only to just delete it afterward. And now I have to take
care not to have two scripts running simultaneously or to use distinct
temporary directory names with all the pitfalls *that* has.

Isn't there a simpler way avoiding the homedir altogether? (--homedir 
/dev/null doesn't work! :-D)


Peter Valdemar Mørch

More information about the Gnupg-users mailing list