<div dir="ltr">Yes - that's what my OP meant - Verifying the key. But I'm hoping to avoid greping the output. What I'd love to do is provide the key I want verified and for GnuPG to confirm e.g. something like the following would be fab:<div><br></div><div>gpg2 --verify-sign <key-id> <filename></div><div><br></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On 27 October 2017 at 15:08, Antony Prince <span dir="ltr"><<a href="mailto:antony@blazrsoft.com" target="_blank">antony@blazrsoft.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div>You need to verify the key that signed it. A valid signature means nothing. A malicious actor could sign any message or days with a valid, verifiable key and send it to you. The heart of the matter is the key that signed it. Gnupg tells you which key signed the data, usually by long key ID IIRC. You have to make sure the key that signed the data is the key that you expect, basically. If you need something more in-depth, there are many more qualified individuals to assist on the list.<span class=""><br><br><div class="gmail_quote">On October 26, 2017 7:52:33 PM EDT, Dan Horne <<a href="mailto:dan.horne@redbone.co.nz" target="_blank">dan.horne@redbone.co.nz</a>> wrote:<blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div dir="ltr">Hi all<div><br></div><div>maybe I'm missing something, but how do I verify not only that an encrypted file is signed, but that it is signed by the party I expect to have signed it? In other words, if two parties can supply a file with the same name I want to make sure that when I think I'm dealing with a file from party A, it is actually signed by party A. At the the moment, when I decrypt the file, it seems to simply be checking that the signature is valid.</div><div><br></div><div><br></div><div><br></div></div>
</blockquote></div><br></span><span class="HOEnZb"><font color="#888888">
-- <br>
Sent from my Android device with K-9 Mail. Please excuse my brevity.</font></span></div></blockquote></div><br></div>