Signature validation in a script
benchoff at bev.net
Mon Sep 5 18:38:16 CEST 2011
I'm trying to write a shell script to verify a file signed with a detached
signature. I want to test for a valid signature from a key in a keyring
that I specify. I want to be sure that no user options files, additional
keyrings, or environment variables can override what happens. I have
come up with the following options:

    "$GPG_BIN" --trust-model always --no-default-keyring --keyring "$KEYRING" \
        --no-auto-key-locate --no-use-agent --batch --no-options \
        --verify "$SIG_FILE" "$DATA_FILE"

I am looking for a return value of 0 to indicate a valid signature.
It looks like this will work with both gpg and gpg2 even though all of
the options aren't necessary. Are there any other options I should use?
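
Added example, not part of the original post and not GnuPG project code: a wrapper that runs the command above with `--status-fd 1` added, in an emptied environment with a throwaway GNUPGHOME, and accepts only when the exit status is 0 and a VALIDSIG status line names the expected key fingerprint. The function names, the fingerprint argument and the sample status lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Function names and the sample data are constructed.

# Read `gpg --status-fd` lines on stdin. Succeed only if a VALIDSIG line
# names the wanted fingerprint (signing key in field 3, primary key in the
# last field) and no failure keyword appears for any signature in the file.
status_ok() {
    [ -n "$1" ] || return 2
    awk -v want="$1" '
        BEGIN { w = toupper(want) }
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG|NO_PUBKEY)$/ { bad = 1 }
        $2 == "VALIDSIG" && (toupper($3) == w || toupper($NF) == w) { good = 1 }
        END { exit !(good && !bad) }
    '
}

# usage: verify_detached KEYRING FINGERPRINT SIG_FILE DATA_FILE
# KEYRING should be an absolute path: gpg resolves a name without a slash
# relative to GNUPGHOME. The body runs in a subshell, so its variables and
# the temporary directory do not leak into the caller.
verify_detached() (
    home=$(mktemp -d) || exit 2
    # env -i drops every inherited variable; the empty GNUPGHOME means no
    # user gpg.conf or keyring is found even if --no-options were missed.
    status=$(env -i PATH=/usr/bin:/bin LC_ALL=C GNUPGHOME="$home" \
        "${GPG_BIN:-gpg}" --trust-model always --no-default-keyring \
        --keyring "$1" --no-auto-key-locate --no-use-agent --batch \
        --no-options --status-fd 1 --verify "$3" "$4" 2>/dev/null)
    rc=$?
    rm -rf "$home"
    # Require both signals: exit status 0 and a VALIDSIG for the pinned key.
    [ "$rc" -eq 0 ] && printf '%s\n' "$status" | status_ok "$2"
)

# Constructed sample status output for a good signature (not real key data).
SAMPLE_FPR=0123456789ABCDEF0123456789ABCDEF01234567
SAMPLE_STATUS="[GNUPG:] GOODSIG 89ABCDEF01234567 Example Signer <signer@example.org>
[GNUPG:] VALIDSIG $SAMPLE_FPR 2011-09-05 1315240696 0 4 0 1 2 00 $SAMPLE_FPR"
```

Pinning the fingerprint matters when the keyring holds more than one key, because exit status 0 only says that some key in the keyring made a good signature.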