Signature validation in a script

[Werner Koch]

On Mon,  5 Sep 2011 18:38, benchoff at bev.net said:

> signature.  I want to test for a valid signature from a key in a keyring
> that I specify.  I want to be sure that no user options files, additional

What you want is gpgv or gpgv2:

NAME
       gpgv - Verify OpenPGP signatures

SYNOPSIS
       gpgv [options] signed_files

DESCRIPTION
       gpgv is an OpenPGP signature verification tool.

       This program is actually a stripped-down version of gpg which is
       only able to check signatures.  It is somewhat smaller than the
       fully-blown gpg and uses a different (and simpler) way to check
       that the public keys used to make the signature are valid. There
       are no configuration files and only a few options are
       implemented.

       gpgv assumes that all keys in the keyring are trustworthy.  By
       default it uses a keyring named `trustedkeys.gpg' which is
       assumed to be in the home directory as defined by GnuPG or set by
       an option or an environment variable. An option may be used to
       specify another keyring or even mul tiple keyrings.

RETURN VALUE

       The program returns 0 if everything is fine, 1 if at least one
       signature was bad, and other error codes for fatal errors.


-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.