On Tue, 26 Sep 2017 13:07, andr...@andrewg.com said: > The gpg command itself should cryptographically verify signatures when > performing --list-sigs, so that at least it can throw a warning when an
Actually --list-sigs is more of a debug command than a command users should use to verify a key. The real command is --check-sigs and it does what you suggested. Unfortunately the man pages describes --list-sigs in detail and only in the next paragraph --check-sigs is explained in terms of --list-sigs. it might be better to merge them into one description with a focus on --check-sigs. Anyway, it is easy to create keys just for signatures and --check-sigs would not make a difference. Look at my key for all those vanity signature. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
pgpRq4IaKv732.pgp
Description: PGP signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users