Best way to catch INSECURE unverified sig status when shelling out to gpg?
Grant Olson
kgo at grant-olson.net
Sun Feb 10 00:09:49 CET 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
I'm currently writing a plugin that allows you to OpenPGP sign/verify
ruby software packages:
https://github.com/grant-olson/rubygems-openpgp
Right now I'm just shelling out to gpg and checking the status code to
determine success or failure. When I have an unverified but good
signature I don't get an error code.
What is the best way to check for this? I presume something like
stdout.include?("INSECURE") is not localization friendly.
Thanks,
- --
- -Grant
"Look around! Can you construct some sort of rudimentary lathe?"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBAwAGBQJRFtc4AAoJEP5F5V2hilTWCcwIAJoMsbwQ1GikobJD5vnnPwG9
+UmU5ZNKW6gNLDru28/a3VZNKgzdViaCHSfL8XNbm+CzioycImppQvMzliRwminT
filk7KYwnBmMJLEq8Nt1tY93L9Bl+6lWdmDvDRzOyEYpv3iWB8uBd37CacodXiV3
tM3lM0m04A4E/+QDsZ+2tHMzrcuz2gcFPKUC6nh2LzT+0tfsVA1SWQb3Z+3jdvEN
Dn+mE+NyazxgcTcF+syJiRFXza1nFDkQhdkiS4e6wFzvxqLmxJQfoH2Nj18zt6OM
SjZDEmzafnrDl7qxQtCaABH2+cP/CvOLki93YV9nOEQ9nwRAkVy3I73/Iajmw1g=
=+EnS
-----END PGP SIGNATURE-----
More information about the Gnupg-users
mailing list