I wondered about how to use --verify and check that the
file was signed by the authority key (--verify only prints the keyid,
"--keyid-format none" does not allow --verify to print fingerprints in 2.1.15
$ /opt/gnupg/bin/gpg --version
gpg (GnuPG) 2.1.15
$ echo foo > foo
$ /opt/gnupg/bin/gpg --detach-sign foo
$ /opt/gnupg/bin/gpg --keyid-format none --verify foo.sig
gpg: assuming signed data in 'foo'
gpg: Signature made Mon Nov 14 15:29:14 2016 CET
gpg: using RSA key FE78101DA517316D
gpg: Good signature from "firstname.lastname@example.org" [ultimate]
With --list-sigs and --search-keys only the long keyid is printed, too.
But with --list-sigs you can use --with-colons and with --search-keys you'd want
to check the imported keys anyway.
I haven't checked what other commands do.
Use case was https://github.com/firstlookmedia/gpgsync (or a non-gui equivalent)
where a signed file should only be accepted when it has been signed by a certain