how to properly verify a signature from a program?
Peter Pentchev
roam at ringlet.net
Wed Nov 25 12:44:35 CET 2009
On Tue, Nov 24, 2009 at 12:16:29PM -0500, David Roundy wrote:
> Hi all,
>
> I've been searching and searching, and have failed to find any
> documentation or tutorial that indicates the proper way to verify a
> signature from a program. The problem is that I want not to verify
> that *anyone* signed a message, but rather to verify that *someone in
> particular* signed it.
[snip]
> So far as I can tell, the process for a detached signature is something like:
>
> gpg --verify sigfile txtfile && echo signature passed
>
> then look at the output (or stderr?) to find out who signed the file,
> and compare with who was supposed to sign the file. It is this last
> step that sounds problematic. Am I missing something?

That's pretty much what you should do, with just one addition:
add --status-fd=1 to the GnuPG command line. When you do that, gpg
will output something like the following to file descriptor 1 (stdout):

[GNUPG:] SIG_ID eLbkcOT0G/i0ugaTvtB5kkRMJc0 2009-11-25 1259148663
[GNUPG:] GOODSIG 651EEFB02527DF13 Peter Pentchev <roam at ringlet.net>
[GNUPG:] VALIDSIG 2EE7A7A517FC124CF115C354651EEFB02527DF13 2009-11-25 1259148663 0 4 0 1 10 01 2EE7A7A517FC124CF115C354651EEFB02527DF13
[GNUPG:] TRUST_ULTIMATE

Of course, the output *will* be different in your case, what with dates,
key IDs and such :) Also, of course you can use a different value for
the file descriptor (like 2 for stderr, but then this output will be
mixed with the rest of GnuPG's freeform messages), just make sure your
program can read what GnuPG writes to that fd :)

Hope that helps.
G'luck,
Peter
--
Peter Pentchev roam at ringlet.net roam at space.bg roam at FreeBSD.org
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115 C354 651E EFB0 2527 DF13
I had to translate this sentence into English because I could not read the original Sanskrit.
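
Added example (not part of the original message and not GnuPG's own code): one way for a program to check that *someone in particular* signed a file is to read the --status-fd=1 output and compare the full fingerprint on the VALIDSIG line, rather than the key ID or user ID text on GOODSIG, against the fingerprint it expects. The function names are hypothetical, the VALIDSIG field layout is assumed to follow GnuPG's doc/DETAILS (last field is the primary key fingerprint), and the sample input is the status output quoted in the message.

```python
import subprocess

PREFIX = "[GNUPG:] "

# Sample input: the status lines quoted in the message above.
SAMPLE_STATUS = """\
[GNUPG:] SIG_ID eLbkcOT0G/i0ugaTvtB5kkRMJc0 2009-11-25 1259148663
[GNUPG:] GOODSIG 651EEFB02527DF13 Peter Pentchev <roam at ringlet.net>
[GNUPG:] VALIDSIG 2EE7A7A517FC124CF115C354651EEFB02527DF13 2009-11-25 1259148663 0 4 0 1 10 01 2EE7A7A517FC124CF115C354651EEFB02527DF13
[GNUPG:] TRUST_ULTIMATE
"""


def signer_fingerprints(status_output):
    """Return the primary-key fingerprints named on VALIDSIG status lines."""
    found = set()
    for line in status_output.splitlines():
        if not line.startswith(PREFIX):
            continue  # not a machine-readable status line
        fields = line[len(PREFIX):].split()
        if len(fields) >= 2 and fields[0] == "VALIDSIG":
            # fields[1] is the key that made the signature (may be a subkey);
            # when all ten arguments are present the last one is the
            # fingerprint of the primary key.
            primary = fields[-1] if len(fields) >= 11 else fields[1]
            found.add(primary.upper())
    return found


def signed_by(status_output, expected_fpr):
    """True if a valid signature was made by the expected key."""
    expected = expected_fpr.replace(" ", "").upper()
    return expected in signer_fingerprints(status_output)


def verify_detached(sigfile, txtfile, expected_fpr, gpg="gpg"):
    """Run gpg as in the thread and require both a zero exit status
    and a VALIDSIG line for the expected fingerprint."""
    proc = subprocess.run(
        [gpg, "--status-fd=1", "--verify", sigfile, txtfile],
        stdout=subprocess.PIPE, stderr=subprocess.DEVNULL,
        encoding="utf-8", errors="replace",
    )
    return proc.returncode == 0 and signed_by(proc.stdout, expected_fpr)
```

The expected fingerprint should come from a source the program already trusts (configuration shipped with it, for instance), not from the signed file or from gpg's output.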