How to verify lot of .sig files in lot of subdirectories with script

James P. Howard, II jh at
Sun Jul 19 14:43:02 CEST 2009

On Sun Jul 19 2009 06:11:05 GMT-0400 (EDT) , Csabi <db111 at>

> I have lot of subdirectories containing program source code
> compressed files and their signature files. For example: <program
> name> <program version>.tar.gz and <program name> <program
> version>.tar.gz.sig How do i verify lot of .sig files in lot of
> subdirectories with one script under Linux? When i want to verify one
> .sig file i must give a complete path and filename to GNUPG and *.sig
> is not operate... I havent Linux shell script programming knowledge
> to resolve the problem: the script search all .sig files in all
> subdirectory and call GNUPG to verify.

The simplest way to do this is to run this in the top level directory:

  find . -name *.sig -print0 | xargs -n1 -0 gpg --verify -v

The first part grabs a list of .sig files and the second part runs GPG
on each sequentially.  The -v forces GPG to list is assumption on the
file to be verified and as a result, you can see the signature following
the name.  More complex variants on this may be possible.


James P. Howard, II, MPA
jh at

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 163 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20090719/f8e5b271/attachment-0001.pgp>

More information about the Gnupg-users mailing list