How to select a particular public key when verifying a signature?

Hauke Laging mailinglisten at hauke-laging.de
Sun Dec 18 00:24:30 CET 2011


Am Samstag, 17. Dezember 2011, 15:22:28 schrieb Vladimir A. Pavlov:
> 1. Is there a way to select a key to verify a file with?

1) Create a directory for each key, e.g. /tmp/gpg-aaaaaaaa

2) Import the key:
gpg --homedir /tmp/gpg-aaaaaaaa --import aaaaaaaa.asc

3) Check the files:
gpg --homedir /tmp/gpg-aaaaaaaa --trusted-key AAAAAAAAAAAAAAAA \
--verify file.sig

The solution is to use different gpg calls for the two keys.


I would like to add that you are doing something strange: Usually crypto is 
used to unambigiously connect data to a person. You are trying to do this the 
other way round: You are using whatever to find out whether the crypto 
information is correct. See the problem? If somebody is capable of faking your 
signatures why shouldn't he be able to fake anything else (which you take as a 
proof of origin) like sending an email from the other ones account?


Hauke
-- 
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 555 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20111218/39755a9a/attachment-0001.pgp>


More information about the Gnupg-users mailing list