Verify that the file is from who I expect it to be from
Werner Koch
wk at gnupg.org
Fri Oct 27 13:26:40 CEST 2017
On Fri, 27 Oct 2017 05:55, dan.horne at redbone.co.nz said:
> Thanks - I get the line saying "good signature" i n my message, but are you
> saying that I have to grep the output for the message and the email address
> of the encryptor?
Never ever do this. You need to use --status-fd to get well defined
strings. For example
$ gpg --verify --status-fd 1 x.msg 2>/dev/null \
| awk '$1=="[GNUPG:]" && $2=="VALIDSIG" {print $3}'
prints the fingerprint of the signing iff the signature is valid. Take
care that you know what is actually verified. The best way to
accomplish this is to use detached signatures.
Anyway, using gpgv is in most cases much more robust (see my other
mail).
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20171027/aec3c06b/attachment.sig>
More information about the Gnupg-users
mailing list