On Tue, Nov 24, 2009 at 12:16:29PM -0500, David Roundy wrote: > Hi all, > > I've been searching and searching, and have failed to find any > documentation or tutorial that indicates the proper way to verify a > signature from a program. The problem is that I want not to verify > that *anyone* signed a message, but rather to verify that *someone in > particular* signed it. [snip] > So far as I can tell, the process for a detached signature is something like: > > gpg --verify sigfile txtfile && echo signature passed > > then look at the output (or stderr?) to find out who signed the file, > and compare with who was supposed to sign the file. It is this last > step that sounds problematic. Am I missing something?
That's pretty much what you should do, with just one addition: add --status-fd=1 to the GnuPG command line. When you do that, gpg will output something like the following to file descriptor 1 (stdout): [GNUPG:] SIG_ID eLbkcOT0G/i0ugaTvtB5kkRMJc0 2009-11-25 1259148663 [GNUPG:] GOODSIG 651EEFB02527DF13 Peter Pentchev <r...@ringlet.net> [GNUPG:] VALIDSIG 2EE7A7A517FC124CF115C354651EEFB02527DF13 2009-11-25 1259148663 0 4 0 1 10 01 2EE7A7A517FC124CF115C354651EEFB02527DF13 [GNUPG:] TRUST_ULTIMATE Of course, the output *will* be different in your case, what with dates, key ID's and such :) Also, of course you can use a different value for the file descriptor (like 2 for stderr, but then this output will be mixed with the rest of GnuPG's freeform messages), just make sure your program can read what GnuPG writes to that fd :) Hope that helps. G'luck, Peter -- Peter Pentchev r...@ringlet.net r...@space.bg r...@freebsd.org PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint 2EE7 A7A5 17FC 124C F115 C354 651E EFB0 2527 DF13 I had to translate this sentence into English because I could not read the original Sanskrit.
pgptYtLHBiNuT.pgp
Description: PGP signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
