Re: Verify with missing public key: unexpected returncode
On 03/03/2017 06:04 PM, Gerd v. Egidy wrote:
> When reading the gpg2 manpage on return codes:

One quick observation, if using this in automated way and return code matters, you likely want to check out "gpgv", otherwise you should be parsing --status-fd output for more details

-- 
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3

Qui audet vincit
Who dares wins

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Verify with missing public key: unexpected returncode
Hi Kristian,

On Friday, 03 March 2017 18:11:04 CET Kristian Fiskerstrand wrote:
> On 03/03/2017 06:04 PM, Gerd v. Egidy wrote:
> > When reading the gpg2 manpage on return codes:
> One quick observation, if using this in automated way and return code
> matters, you likely want to check out "gpgv", otherwise you should be
> parsing --status-fd output for more details

Yes, this is an automated scenario. I'm already using --status-fd and parsing its output. But to be on the safe side, I was checking the return code too. With the way gpg2 currently implements the return codes it seems I can't use them.

Kind regards,

Gerd
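Added example, not part of any message in this thread: one way to apply the "at least one correct signature" policy to the machine-readable lines from `gpg2 --status-fd 1 --verify FILE` instead of the exit code. The fingerprint, the sample status lines, the function name evaluate and the choice to reject on any BADSIG are assumptions made for illustration; the two key IDs are the ones from the original question.

```python
PREFIX = "[GNUPG:] "
FPR_FOO = "0123456789ABCDEF01234567DB2D0998DC19EEA3"  # constructed fingerprint

# Constructed status output for the thread's case: one good signature and
# one signature whose public key is not in the keyring (gpg2 exits with 2).
SAMPLE = f"""\
gpg: Good signature from "Foo Foo" [ultimate]
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG DB2D0998DC19EEA3 Foo Foo
[GNUPG:] VALIDSIG {FPR_FOO} 2017-03-03 1488559497 0 4 0 1 8 00 {FPR_FOO}
[GNUPG:] TRUST_ULTIMATE
[GNUPG:] NEWSIG
[GNUPG:] ERRSIG 467C036CA9014F3F 1 8 00 1488559501 9
[GNUPG:] NO_PUBKEY 467C036CA9014F3F
"""

def evaluate(status_text, trusted_fprs):
    """Accept if at least one good signature is by a trusted key and none is bad."""
    sigs, cur = [], None
    for line in status_text.splitlines():
        if not line.startswith(PREFIX):
            continue  # never parse the human-readable "gpg: ..." lines
        fields = line[len(PREFIX):].split()
        if not fields:
            continue
        kw, args = fields[0], fields[1:]
        if kw == "NEWSIG" or cur is None:  # NEWSIG starts the next signature
            cur = {"good": False, "bad": False, "fpr": None, "missing": None}
            sigs.append(cur)
        if kw == "GOODSIG":
            cur["good"] = True
        elif kw == "BADSIG":
            cur["bad"] = True
        elif kw in ("EXPSIG", "EXPKEYSIG", "REVKEYSIG"):
            cur["good"] = False  # expired or revoked: not counted by this policy
        elif kw == "VALIDSIG" and args:
            # the tenth field, when present, is the primary key fingerprint
            cur["fpr"] = args[9] if len(args) > 9 else args[0]
        elif kw == "NO_PUBKEY" and args:
            cur["missing"] = args[0]  # unverifiable: neither good nor bad
    trusted = [s["fpr"] for s in sigs if s["good"] and s["fpr"] in trusted_fprs]
    return {
        "accepted": bool(trusted) and not any(s["bad"] for s in sigs),
        "trusted_signers": trusted,
        "missing_keys": [s["missing"] for s in sigs if s["missing"]],
    }

if __name__ == "__main__":
    print(evaluate(SAMPLE, {FPR_FOO}))
```

Matching on the full fingerprint from VALIDSIG rather than the key ID or user name in GOODSIG ties the decision to a specific key, and the missing-key signature is reported separately instead of being treated as a failure.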
Re: Verify with missing public key: unexpected returncode
Hi Robert,

> > I think it should return 1 in this case. But I get 2. Why?
>
> Because there were no bad signatures. A signature which cannot be
> verified is neither good nor bad, it just is.

ok.

> The alternative would be for GnuPG to return a bad signature literally
> *whenever* it had no public key with which to verify the signature,
> meaning that 99% of signatures on a mailing list would be reported as
> bad. Can you imagine the bug reports we'd get from people if that were
> the case? "Your software package is listing every single signed message
> I've received as being bad!"

Hmm, but according to the manpage you currently get a returncode meaning "fatal error" in this case. That sounds much more severe to me than a bad signature.

Kind regards,

Gerd
Re: Verify with missing public key: unexpected returncode
> I think it should return 1 in this case. But I get 2. Why?

Because there were no bad signatures. A signature which cannot be verified is neither good nor bad, it just is.

The alternative would be for GnuPG to return a bad signature literally *whenever* it had no public key with which to verify the signature, meaning that 99% of signatures on a mailing list would be reported as bad. Can you imagine the bug reports we'd get from people if that were the case? "Your software package is listing every single signed message I've received as being bad!"
Verify with missing public key: unexpected returncode
Hi,

I have a scenario where a signature on a file should be checked. The file is signed by several keys and for this scenario it is ok if at least one is correct. In some cases it can happen that the system doing the check does not have access to all public keys that are used for signing.

When reading the gpg2 manpage on return codes:

> The program returns 0 if everything was fine, 1 if at least a signature was
> bad, and other error codes for fatal errors.

I think it should return 1 in this case. But I get 2. Why?

Here are the commands to reproduce:

$ gpg2 --verify test.asc.gpg
gpg: Signature made Fri Mar 3 17:44:57 2017 CET using RSA key ID DB2D0998DC19EEA3
gpg: Good signature from "Foo Foo" [ultimate]
gpg: Signature made Fri Mar 3 17:45:01 2017 CET using RSA key ID 467C036CA9014F3F
gpg: Good signature from "Bar Bar" [ultimate]

$ gpg2 --delete-secret-keys 467C036CA9014F3F
$ gpg2 --delete-keys 467C036CA9014F3F

$ gpg2 --verify test.asc.gpg ; echo "RET: $?"
gpg: Signature made Fri Mar 3 17:44:57 2017 CET using RSA key ID DB2D0998DC19EEA3
gpg: checking the trustdb
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: Good signature from "Foo Foo" [ultimate]
gpg: Signature made Fri Mar 3 17:45:01 2017 CET using RSA key ID 467C036CA9014F3F
gpg: Can't check signature: No public key
RET: 2

Kind regards,

Gerd