Re: Is there built-in a way validate a signature against a specific key?
On Wed, Apr 24, 2024 at 11:14:06AM +0200, Werner Koch via Gnupg-users wrote:
> On Tue, 23 Apr 2024 21:39, Eric Pruitt said:
> > I have multiple public keys in my GPG keyring. When validating
> > signatures, I sometimes want to validate them against a specific key so
>
> The classic tool for this is gpgv with its --keyring option. This is
> what for example Debian uses to validate signatures.

I think this is what I'm already doing and what I meant when I wrote "I do this by creating a keyring that consists of only one key and using that [...]" or have I misunderstood what you suggested?

> A newer way is the --assert-signer option we introduced with version
> 2.4.1:

Thanks, this does what I want.

Eric

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Is there built-in a way validate a signature against a specific key?
On Tue, 23 Apr 2024 21:39, Eric Pruitt said:
> I have multiple public keys in my GPG keyring. When validating
> signatures, I sometimes want to validate them against a specific key so

The classic tool for this is gpgv with its --keyring option. This is what for example Debian uses to validate signatures.

A newer way is the --assert-signer option we introduced with version 2.4.1:

  --assert-signer fpr_or_file

      This option checks whether at least one valid signature on a file has been made with the specified key. The key is either specified as a fingerprint or a file listing fingerprints. The fingerprint must be given or listed in compact format (no colons or spaces in between). This option can be given multiple times and each fingerprint is checked against the signing key as well as the corresponding primary key. If fpr_or_file specifies a file, empty lines are ignored as well as all lines starting with a hash sign. With this option gpg is guaranteed to return with an exit code of 0 if and only if a signature has been encountered, is valid, and the key matches one of the fingerprints given by this option.

Shalom-Salam,

   Werner

--
The pioneers of a warless world are the youth that refuse military service. - A. Einstein
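An added example, not part of the thread and not GnuPG's own code: where gpg predates 2.4.1, a similar check can be made by parsing the machine-readable output of `gpg --status-fd 1 --verify` and comparing the `VALIDSIG` fingerprints (signing key and primary key) against an expected list. The function names, the sample status lines (constructed) and the policy of requiring a preceding `GOODSIG` are this example's assumptions.

```python
import re

FPR_RE = re.compile(r"[0-9A-F]{40}|[0-9A-F]{64}")  # compact form, no colons or spaces
NOT_GOOD = {"NEWSIG", "BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}

def load_fingerprints(text):
    """Parse a fingerprint list; blank lines and lines starting with '#' are skipped."""
    wanted = set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if not FPR_RE.fullmatch(line.upper()):
            raise ValueError(f"not a compact fingerprint: {line!r}")
        wanted.add(line.upper())
    return wanted

def signer_matches(status_text, wanted):
    """True if a good signature was made by a wanted signing key or primary key."""
    good = False  # set by GOODSIG, cleared by any other per-signature verdict
    for line in status_text.splitlines():
        if not line.startswith("[GNUPG:] "):
            continue  # ignore anything that is not a status line
        keyword, *args = line.split()[1:] or [""]
        if keyword == "GOODSIG":
            good = True
        elif keyword in NOT_GOOD:
            good = False
        elif keyword == "VALIDSIG" and good and args:
            # args[0] is the fingerprint of the key that made the signature,
            # args[9] the primary key fingerprint when gpg reports one.
            made_by = {args[0].upper()} | {a.upper() for a in args[9:10]}
            if made_by & wanted:
                return True
            good = False
    return False

# Constructed sample: one good signature by subkey AAAA... of primary key BBBB...
SAMPLE_STATUS = """\
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG AAAAAAAAAAAAAAAA Example Signer <signer@example.org>
[GNUPG:] VALIDSIG {sub} 2024-04-24 1713949200 0 4 0 22 10 00 {pri}
""".format(sub="AAAA" * 10, pri="BBBB" * 10)

if __name__ == "__main__":
    print(signer_matches(SAMPLE_STATUS, load_fingerprints("# release key\n" + "BBBB" * 10)))
```

With gpg 2.4.1 or later, the exit code of `--assert-signer` makes this parsing unnecessary.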
Is there built-in a way validate a signature against a specific key?
I have multiple public keys in my GPG keyring. When validating signatures, I sometimes want to validate them against a specific key so if the file is signed by someone other than the individual or organization I expect, it will fail. Currently, I do this by creating a keyring that consists of only one key and using that, and some cursory searching didn't uncover any alternatives.

If there still isn't a GPG option for validating a signature against a specific key, is there a particular reason it doesn't exist?

Eric