gpg --verify in batch mode / how to require a trust level?

gbernd at gmx.de gbernd at gmx.de
Tue Jan 18 16:19:27 CET 2022


Hi,

for a backup integrity protection, I want to add a signature check to
the restore script to reject the backup files that are not properly
signed. So far, so good.

#$ gpg --verify backup.tar.sig

#$ if [ $? -ne 0 ]; then echo "backup is not properly signed!"; exit 1; fi

#$ tar xzvf backup.tar

Now, I find that `gpg --verify` produces a return code rc=0 when there
is a public key in my keyring that I once added, even though I never
declared that I trust this key.

How can I require `gpg --verify` to only accept keys from my keyring
with a certain trust level and fail otherwise (rc!=0)

Alternatively, how can I check that a signature was done with a specific
key?

Many thanks

Bern




More information about the Gnupg-users mailing list