Werner Koch via Gnupg-users <gnupg-users@gnupg.org> writes:

> Hi!
>
> While talking about gpgv, let me remind you about the new
> --assert-signer option which can be used as a replacement for gpgv.
>
>   --assert-signer fpr_or_file
>   
>      This option checks whether at least one valid signature on file has
>      been made with the specified key.  The key is either specified as a
>      fingerprint or a file listing fingerprints.  The fingerprint must be
>      given or listed in compact format (no colons or spaces in between).
>      This option can be given multiple times and each fingerprint is
>      checked against the signing key as well as the corresponding
>      primary key.  If fpr_or_file specifies a file, empty lines are
>      ignored as well as all lines starting with a hash sign.  With this
>      option gpg is guaranteed to return with an exit code of 0 if and
>      only if a signature has been encountered, is valid, and the key
>      matches one of the fingerprints given by this option.
>
> This option is available since 2.4.1.

I've been wanting a parameter like that!  Does it check key expiration
times by default?  Is it possible to disable/enable that behaviour?

Sometimes (and as a safe default behaviour) you want to reject signatures
signed by an expired key, although sometimes you want to permit that to
confirm that some old signature was created by some expired key.

/Simon

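Added example, not part of the messages above and not GnuPG project code: a shell wrapper that lints a fingerprint list in the format the quoted option text describes and then relies on the documented exit code of `gpg --assert-signer`. The function names, the sample fingerprint and the 40-or-64-hex-digit length check are assumptions of this example.

```shell
#!/bin/sh
# Added example: pin signers with gpg --assert-signer (available since 2.4.1).

# Write a constructed pin file: blank lines and lines starting with '#'
# are ignored, one compact fingerprint per line. The fingerprint is made up.
write_sample_pins() {
    cat > "$1" <<'EOF'
# release signing keys (constructed sample)

0123456789ABCDEF0123456789ABCDEF01234567
EOF
}

# Lint the pin file before gpg sees it, so a typo, a colon-separated
# fingerprint or CRLF line endings cannot silently shrink the pin set.
# Assumption of this example: an entry is exactly 40 or 64 hex digits.
# Returns non-zero if any entry is malformed or the file pins no key at all.
lint_fpr_file() {
    awk '
        /^$/ || /^#/ { next }
        /^[0-9A-Fa-f]+$/ && (length($0) == 40 || length($0) == 64) { good++; next }
        { printf "%s:%d: not a compact fingerprint\n", FILENAME, FNR; bad++ }
        END { if (bad || !good) exit 1 }
    ' "$1" >&2
}

# usage: verify_pinned ./pins.txt file.sig file
# Returns 2 if the pin file fails the lint; otherwise returns gpg's status,
# which per the option text is 0 if and only if a valid signature made by
# one of the listed keys was encountered. This example always passes the
# pin file as a path with a directory component (a practice chosen here).
verify_pinned() {
    lint_fpr_file "$1" || return 2
    gpg --batch --assert-signer "$1" --verify "$2" "$3"
}
```

Treat any non-zero status from `verify_pinned` as a failed verification; only 0 means a pinned key made a valid signature.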