
Provide a strict verify option for a signature
Closed, Resolved, Public

Description

I'm using gnupg to check signatures in a (cron) script, and I'd like gnupg to
exit with an error when --verify displays warnings like:

  • Note: This key has expired!
  • WARNING: This key is not certified with a trusted signature! There is no
    indication that the signature belongs to the owner.

Could it be possible to add to GnuPG an option such as --verify-strict, that
would exit with a non-null return code if the signature is correct but from an
invalid key, expired key, or whatever trust issues GnuPG could lift?

Keep up the good work!

Best regards

Loïc Gomez

Details

Version
1.4.12

Event Timeline

If you want to rely on the exit code, you can't use gpg. There are simply too
many things to consider and everyone has a different policy. I commonly use AWK
scripts to implement such policies by parsing the --status-fd output.

The tool you might want to use is gpgv which has been designed for these
purposes. In fact, it is used by all Linux distros to verify the integrity of
the downloaded packages against a specific keyring. Please check out the gpgv
man page.
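The policy-over-status-fd approach described in the reply above, as an added example that is not part of the original thread or of GnuPG itself: a small AWK filter that accepts a signature only when gpg reports VALIDSIG with TRUST_FULLY or TRUST_ULTIMATE and no expiry, revocation or bad-signature status line. The keyword names are those documented in GnuPG's doc/DETAILS; the sample status streams and the key/fingerprint values in them are constructed for the dry run.

```shell
#!/bin/sh
# Strict verification policy over gpg's machine-readable --status-fd output.
# Keywords are the ones documented in GnuPG's doc/DETAILS.
# Usage:  gpg --status-fd 1 --verify file.sig file 2>/dev/null | gpg_strict_verify
# (use "set -o pipefail" in bash so a gpg failure is not masked by the pipe)
gpg_strict_verify() {
    awk '
        $1 != "[GNUPG:]" { next }                  # skip anything that is not a status line
        $2 == "VALIDSIG"                { valid = 1 }
        $2 == "TRUST_FULLY"   ||
        $2 == "TRUST_ULTIMATE"          { trusted = 1 }
        # Any of these means: signature bad/unreadable, signature expired,
        # or signing key expired/revoked. Note that VALIDSIG is still
        # emitted for an expired key, so EXPKEYSIG must be checked explicitly.
        $2 == "BADSIG"    || $2 == "ERRSIG"    || $2 == "NODATA"     ||
        $2 == "EXPSIG"    || $2 == "EXPKEYSIG" || $2 == "KEYEXPIRED" ||
        $2 == "REVKEYSIG"               { bad = 1 }
        END { exit (valid && trusted && !bad) ? 0 : 1 }
    '
}

# Constructed sample status streams (not real gpg output) for a dry run.
SAMPLE_GOOD='[GNUPG:] GOODSIG 0123456789ABCDEF Example User <user@example.org>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2019-01-01 1546300800 0 4 0 1 8 00 0123456789ABCDEF0123456789ABCDEF01234567
[GNUPG:] TRUST_ULTIMATE 0 pgp'

SAMPLE_EXPIRED_KEY='[GNUPG:] EXPKEYSIG 0123456789ABCDEF Example User <user@example.org>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2019-01-01 1546300800 0 4 0 1 8 00 0123456789ABCDEF0123456789ABCDEF01234567
[GNUPG:] KEYEXPIRED 1577836800
[GNUPG:] TRUST_ULTIMATE 0 pgp'

SAMPLE_UNTRUSTED='[GNUPG:] GOODSIG 0123456789ABCDEF Example User <user@example.org>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2019-01-01 1546300800 0 4 0 1 8 00 0123456789ABCDEF0123456789ABCDEF01234567
[GNUPG:] TRUST_UNDEFINED 0 pgp'

# Dry run: only the first sample is accepted.
for s in "$SAMPLE_GOOD" "$SAMPLE_EXPIRED_KEY" "$SAMPLE_UNTRUSTED"; do
    if printf '%s\n' "$s" | gpg_strict_verify; then
        echo "accept"
    else
        echo "reject"
    fi
done
```

The same filter works with gpgv (gpgv --status-fd 1 --keyring trusted.gpg file.sig file), where TRUST_* lines are not needed because every key in the given keyring is implicitly trusted; drop the trusted check in that case.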

Thanks for your answer, I'll do that then.

Best regards

Loïc Gomez

werner claimed this task.