Is there built-in a way validate a signature against a specific key?
Werner Koch
wk at gnupg.org
Wed Apr 24 11:14:06 CEST 2024
On Tue, 23 Apr 2024 21:39, Eric Pruitt said:
> I have multiple public keys in my GPG keyring. When validating
> signatures, I sometimes want to validate them against a specific key so
The classcc tool for this is gpgv with its --keyring option. This is
what for example Debian uses to validate signatures.
A newer way is the --assert-signer option we introduced with version
2.4.1:
--assert-signer fpr_or_file
This option checks whether at least one valid signature on
a file has been made with the specified key. The key is
either specified as a fingerprint or a file listing
fingerprints. The fingerprint must be given or listed in
compact format (no colons or spaces in between). This
option can be given multiple times and each fingerprint is
checked against the signing key as well as the
corresponding primary key. If fpr_or_file specifies a
file, empty lines are ignored as well as all lines
starting with a hash sign. With this option gpg is
guaranteed to return with an exit code of 0 if and only if
a signature has been encountered, is valid, and the key
matches one of the fingerprints given by this option.
Shalom-Salam,
Werner
--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openpgp-digital-signature.asc
Type: application/pgp-signature
Size: 247 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20240424/372c1289/attachment.sig>
More information about the Gnupg-users
mailing list