Signature validation in a script

Phil Benchoff benchoff at
Mon Sep 5 18:38:16 CEST 2011

I'm trying to write a shell script to verify a file signed with a detached
signature.  I want to test for a valid signature from a key in a keyring
that I specify.  I want to be sure that no user options files, additional
keyrings, or environment variables can override what happens.  I have
come up with the following options:

"$GPG_BIN" --trust-model always --no-default-keyring --keyring "$KEYRING" \
           --no-auto-key-locate --no-use-agent --batch --no-options \
           --verify "$SIG_FILE" "$DATA_FILE"

I am looking for a return value of 0 to indicate a valid signature.

It looks like this will work with both gpg and gpg2 even though all of
the options aren't necessary.  Are there any other options I should use?
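
The check described above, as an added example that is not part of the original post: the post's options run under an emptied environment and an empty --homedir, and the --status-fd output must contain exactly one VALIDSIG from an expected fingerprint in addition to exit status 0. The function names, the PATH value, the expected-fingerprint argument and the sample status lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example; names and sample data are constructed, not from the post.

# Constructed sample of gpg --status-fd output for one good signature.
SAMPLE_STATUS='[GNUPG:] GOODSIG 89ABCDEF01234567 Constructed Signer <signer@example.org>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2011-09-05 1315240696 0 4 0 1 2 00 0123456789ABCDEF0123456789ABCDEF01234567'

# check_status EXPECTED_FPR
# Reads status lines on stdin. Succeeds only if there is exactly one
# VALIDSIG line, its first argument (fingerprint of the key that made the
# signature) equals EXPECTED_FPR, and no bad/expired/revoked status appears.
check_status() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "VALIDSIG" { n++; if ($3 != want) bad = 1 }
        END { if (bad || n != 1) exit 1; exit 0 }
    '
}

# verify_detached KEYRING SIG_FILE DATA_FILE EXPECTED_FPR
# KEYRING should contain a slash (e.g. an absolute path): a bare file name
# is looked up inside the home directory, which is empty here.
verify_detached() {
    gpg_bin=${GPG_BIN:-gpg}
    tmp_home=$(mktemp -d) || return 2
    # env -i drops GNUPGHOME and every other inherited variable; the PATH
    # value is an assumption. --homedir points at an empty directory so no
    # per-user gpg.conf, keyring or trustdb is read.
    status=$(env -i PATH=/usr/bin:/bin "$gpg_bin" --no-options \
        --homedir "$tmp_home" --batch --no-default-keyring --keyring "$1" \
        --no-auto-key-locate --no-use-agent --trust-model always \
        --status-fd 1 --verify "$2" "$3" 2>/dev/null)
    rc=$?
    rm -rf "$tmp_home"
    # Require both exit status 0 and the pinned-fingerprint check.
    [ "$rc" -eq 0 ] && printf '%s\n' "$status" | check_status "$4"
}
```

With --trust-model always, every key in the specified keyring is accepted, so the fingerprint comparison is what ties a successful result to one particular signer.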

