> From: Peter Lebbing [mailto:pe...@digitalbrains.com]
>
> On 03/09/18 18:56, Fiedler Roman wrote:
> > With gpg1 a similar command should have verified, that the signature
> > is exactly from the single public key stored in "key.pub".
>
> This has never been a supported use of gpg, it just happened to work
> because GnuPG 1.4 happened to use a bunch of exported OpenPGP
> certificates as the format of its public keyring. This was an
> implementation detail which enabled you to do this. Just because you can
> use the rear side of a screwdriver to hammer in a small nail doesn't
> mean you're meant to do carpentry that way ;-).

Maybe the current hammer documentation should be updated, to remove the
"--use-as-hammer" options? Or at least declare that they shall not be
used that way. See:

https://www.gnupg.org/gph/en/manual/r1606.html
https://www.gnupg.org/gph/en/manual/r1574.html

Without that, what should be the purpose of the "--no-default-keyring"
except to flush all default keys and operate only on the ones given via
the "--keyring" option?

> In GnuPG, the homedir is
> pretty much not part of the interface, it is internal with some
> exceptions like .conf-files and being able to retrieve revocation
> certificates from it. The keyring format has changed and GnuPG also
> expects a lot of other different things in its homedir. So it no longer
> works.

Maybe the "--no-default-keyring" should return something like "obsolete
gnupg file API used" instead of "[GNUPG:] UNEXPECTED 0"?

> It could be that recently an option was added to check a signature by a
> certificate in a file, but in general you need to import a certificate
> before you can do verifications. I didn't see the new option in the few
> announcements I read. Either it was discussed and not done or discussed
> and implemented, can't recall.

Werner gave a good solution in another followup message. May I recommend
updating the online docu/man page for "--verify" with something like
this?

"""For automated verification against a single public key, the gpgv tool
may better suit your needs"""

Or could I submit patches to documentation and source code (error
handling) myself? I did not find a "contribute" section on the gnupg
website at a first glance (menus/FAQs), but could look into it deeper,
if helpful.

Regards,
Roman
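
The gpgv approach mentioned in the message above, as an added example that is not part of the original thread or the GnuPG project: a wrapper that runs gpgv against one exported key file and accepts the result only when the machine-readable status output names exactly that key. The helper names `sig_ok` and `verify_with_key`, the sample fingerprint and the sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes gpgv is installed.
# Constructed sample data: this fingerprint and these status lines are made up.
SAMPLE_FPR=0123456789ABCDEF0123456789ABCDEF01234567
SAMPLE_STATUS="[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Example Signer <signer@example.org>
[GNUPG:] VALIDSIG $SAMPLE_FPR 2018-09-04 1536050000 0 4 0 1 8 00 $SAMPLE_FPR"

# sig_ok EXPECTED_FPR  (hypothetical helper)
# Reads "--status-fd" output on stdin. Succeeds only if there is exactly one
# VALIDSIG whose primary-key fingerprint equals EXPECTED_FPR and no status
# line reports a bad, unverifiable, expired or revoked signature.
sig_ok() {
    awk -v want="$1" '
        BEGIN { want = toupper(want) }
        $1 != "[GNUPG:]" { next }
        $2 == "VALIDSIG" {
            n++
            # Field 12 is the primary key fingerprint; fall back to field 3.
            if ((NF >= 12 ? $12 : $3) == want) hit++
        }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG|UNEXPECTED|NODATA)$/ { bad++ }
        END { exit !(n == 1 && hit == 1 && bad == 0) }
    '
}

# verify_with_key KEYFILE EXPECTED_FPR SIGFILE DATAFILE  (hypothetical helper)
# KEYFILE is a binary (non-armored) export of the one trusted public key.
# Give it with a slash in the path; gpgv looks up slash-less names in its homedir.
verify_with_key() {
    gpgv --keyring "$1" --status-fd 1 "$3" "$4" 2>/dev/null | sig_ok "$2"
}

# Demo on the constructed status lines (does not call gpgv).
if printf '%s\n' "$SAMPLE_STATUS" | sig_ok "$SAMPLE_FPR"; then
    echo "sample status: accepted"
fi
```

Treating EXPKEYSIG and REVKEYSIG as failures is a conservative choice made here; a caller that needs to accept signatures from expired keys would relax that list.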