On Mon, 12 Jan 2015 19:52, patrick-mailingli...@whonix.org said: > However, what works for me is this: > > gpg --output ./out --verify ./sha512sums.asc
We are both wrong. --verify does only a verify and nothing else. Running without --verify writes the actual signed data to the file. > When it exits 0, then this approach is sound, sane and fine? You better check the status lines; in particular watch out for [GNUPG:] VALIDSIG E4B868C8F90C..... or use gpgv. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users