Werner Koch via Gnupg-users <gnupg-users@gnupg.org> writes: > Hi! > > while talking about gpgv, let me remind you about the new > --assert-signer option which can be used as a replacement for gpgv. > > --assert-signer fpr_or_file > > This option checks whether at least one valid signature on file has > been made with the specified key. The key is either specified as a > fingerprint or a file listing fingerprints. The fingerprint must be > given or listed in compact format (no colons or spaces in between). > This option can be given multiple times and each fingerprint is > checked against the signing key as well as the corresponding > primary key. If fpr_or_file specifies a file, empty lines are > ignored as well as all lines starting with a hash sign. With this > option gpg is guaranteed to return with an exit code of 0 if and > only if a signature has been encountered, is valid, and the key > matches one of the fingerprints given by this option. > > This option is available since 2.4.1.
I've been wanting a parameter like that! Does it check key expiration times by default? Is it possible to disable/enable that behaviour? Sometimes (and a safe default behaviour) you want to reject signatures signed by an expired key, although sometimes you want to permit that to confirm that some old signature was created by some expired key. /Simon
signature.asc
Description: PGP signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
