Verify with missing public key: unexpected returncode

Gerd v. Egidy gerd.von.egidy at
Fri Mar 3 18:24:08 CET 2017

Hi Robert,

> > I think it should return 1 in this case. But I get 2. Why?
> Because there were no bad signatures.  A signature which cannot be
> verified is neither good nor bad, it just is.


> The alternative would be for GnuPG to return a bad signature literally
> *whenever* it had no public key with which to verify the signature,
> meaning that 99% of signatures on a mailing list would be reported as
> bad.  Can you imagine the bug reports we'd get from people if that were
> the case?  "Your software package is listing every single signed message
> I've received as being bad!"

Hmm, but according to the manpage you currently get a returncode meaning 
"fatal error" in this case. That sounds much more severe to me than a bad 

Kind regards,


More information about the Gnupg-users mailing list