Verify that the file is from who I expect it to be from

Dan Horne dan.horne at
Mon Oct 30 03:00:35 CET 2017

Thanks. I exported my keys to ~/.gnupg/trustedkeys.gpg. I tried gpgv2 but
got the following

bash-3.2$ gpgv2 declaration.pgp
gpgv: verify signatures failed: Unexpected error

Adding --verbose did not affect this (Note this is an OpenCSW install)

However, if I simply decrypt the file I get confirmation of the signature

bash-3.2$ gpg2  --output declaration.txt  --decrypt declaration.pgp

gpg: encrypted with 2048-bit RSA key, ID C0F7C32A, created 2017-10-26
      "<my dummy key>"
gpg: Signature made Mon Oct 30 13:04:26 2017 NZDT using RSA key ID 0A5F3B0F
gpg: Good signature from "<third party dummy key>" [ultimate]

On 28 October 2017 at 00:20, Werner Koch <wk at> wrote:

> On Fri, 27 Oct 2017 06:01, dan.horne at said:
> > gpg2 --verify-sign <key-id> <filename>
> Verification against a set of known keys is done using gpgv
>   gpgv FILE
> which uses ~/.gnupg/trustedkeys.gpg.  To specify another file with keys
> you use
>   gpgv --keyring KEYRING FILE
> Here is how we do this when building GnuPG using the Speedo scripts:
>   if ! $GPGV --keyring "$distsigkey" swdb.lst.sig swdb.lst; then
>     echo "list of software versions is not valid!" >&2
>     exit 1
>   fi
> This is from gnupg/build-aux/  To create the file with the
> keys you can do this:
>   gpg --export --export-options export-minimal FPR1 FPR2 FPR2 >trustedkeys.gpg
> Do _not_ use --armor.  --export-options is not really required but
> strips down the size of the key.
> @Rob: Shouldn't we mention gpgv in the FAQ?
> Shalom-Salam,
>    Werner
> --
> Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
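
Added example, not part of the original thread: gpgv only checks signatures and does not decrypt, so for a file that is both encrypted and signed, like declaration.pgp above, one way to pin the sender is to decrypt with gpg2 and compare the VALIDSIG fingerprint from --status-fd against the expected ones. The function names, the sample status lines and the fingerprint are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: pin the signer of an encrypted+signed file by fingerprint.

# Constructed sample of `gpg2 --status-fd 1` output (fingerprint is a placeholder).
SAMPLE_STATUS='[GNUPG:] GOODSIG 89ABCDEF01234567 third party dummy key
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2017-10-30 1509321866 0 4 0 1 8 00 0123456789ABCDEF0123456789ABCDEF01234567'

# Read status lines on stdin. Succeed only if there is at least one good
# signature, none is bad/expired/revoked, and every signer fingerprint is
# in the allow-list given as arguments.
check_signer_status() {
  awk -v allowed="$*" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[toupper(a[i])] = 1 }
    $1 != "[GNUPG:]" { next }
    $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
    $2 == "VALIDSIG" {
      fpr = (NF >= 12) ? $12 : $3   # field 12 = primary key, else signing key
      if (toupper(fpr) in ok) good++; else bad = 1
    }
    END { exit !(good > 0 && !bad) }
  '
}

# Decrypt SRC to OUT and keep the plaintext only if the signer is allowed.
# Usage: decrypt_from_expected SRC OUT FPR...
decrypt_from_expected() {
  local src=$1 out=$2 status; shift 2
  status=$(gpg2 --batch --status-fd 1 --output "$out" --decrypt "$src" 2>/dev/null) \
    || { rm -f -- "$out"; return 1; }
  if ! printf '%s\n' "$status" | check_signer_status "$@"; then
    rm -f -- "$out"
    echo "signer of $src is not in the expected set" >&2
    return 1
  fi
}
```

Pass full 40-hex-digit fingerprints rather than short key IDs like the 8-digit ones shown in the gpg output.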