Verify that the file is from who I expect it to be from
Dan Horne
dan.horne at redbone.co.nz
Mon Oct 30 03:00:35 CET 2017
Thanks. I exported my keys to ~/.gnupg/trustedkeys.gpg. I tried gpgv2 but
got the following
bash-3.2$ gpgv2 declaration.pgp
gpgv: verify signatures failed: Unexpected error
Adding --verbose did not affect this (Note this is a OpenCSW install)
However, if I simply decrypt the file I get confirmation of the signature
bash-3.2$ gpg2 --output declaration.txt --decrypt declaration.pgp
gpg: encrypted with 2048-bit RSA key, ID C0F7C32A, created 2017-10-26
"<my dummy key>"
gpg: Signature made Mon Oct 30 13:04:26 2017 NZDT using RSA key ID 0A5F3B0F
gpg: Good signature from "<third party dummy key>" [ultimate]
On 28 October 2017 at 00:20, Werner Koch <wk at gnupg.org> wrote:
> On Fri, 27 Oct 2017 06:01, dan.horne at redbone.co.nz said:
>
> > gpg2 --verify-sign <key-id> <filename>
>
> Verification against a set of known keys is done using gpgv
>
> gpgv FILE
>
> which uses ~/.gnupg/trustedkeys.gpg. To specifiy another file with keys
> you use
>
> gpgv --keyring KEYRING FILE
>
> here is how we do this when building GnUPG using the Speedo scripts:
>
> if ! $GPGV --keyring "$distsigkey" swdb.lst.sig swdb.lst; then
> echo "list of software versions is not valid!" >&2
> exit 1
> fi
>
> This is from gnupg/build-aux/getswdb.sh. To create the file with the
> keys you can do this:
>
> gpg --export --export-options export-minimal FPR1 FPR2 FPR2
> >trustedkeys.gpg
>
> Do _not_ use --armor. --export-options is not really required but
> strips down the size of the key.
>
>
> @Rob: Shouldn't we mention gpgv in the FAQ?
>
>
> Shalom-Salam,
>
> Werner
>
> --
> Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20171030/fce92655/attachment.html>
More information about the Gnupg-users
mailing list