Re: Verify that the file is from who I expect it to be from

2017-10-30 Thread Peter Lebbing
On 30/10/17 03:00, Dan Horne wrote:
> However, if I simply decrypt the file I get confirmation of the signature

This was a misunderstanding: gpgv cannot decrypt, so when Werner suggested gpgv, he mustn't have realised you were decrypting as well as verifying.

HTH,

Peter.

--
I use the GNU Priva

Re: Verify that the file is from who I expect it to be from

2017-10-29 Thread Dan Horne
Thanks. I exported my keys to ~/.gnupg/trustedkeys.gpg. I tried gpgv2 but got the following:

    bash-3.2$ gpgv2 declaration.pgp
    gpgv: verify signatures failed: Unexpected error

Adding --verbose did not affect this. (Note this is an OpenCSW install.)

However, if I simply decrypt the file I get confirmat

Re: Verify that the file is from who I expect it to be from

2017-10-27 Thread Werner Koch
On Fri, 27 Oct 2017 05:55, dan.ho...@redbone.co.nz said:
> Thanks - I get the line saying "good signature" in my message, but are you
> saying that I have to grep the output for the message and the email address
> of the encryptor?

Never ever do this. You need to use --status-fd to get well defi
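
Added example, not part of the message above and not GnuPG's own code: one way to act on --status-fd output instead of grepping the human-readable text, by comparing the fingerprint in the VALIDSIG status line with an expected one. The function names, fingerprints and status lines are constructed for illustration; the VALIDSIG field order assumed here is the one documented in GnuPG's doc/DETAILS.

```python
# Added example; names and sample data are constructed, not from the thread.
PREFIX = "[GNUPG:] "
# Status keywords that mean a signature must not be relied on.
REJECT = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}

def signer_fingerprints(status_text):
    """Primary-key fingerprints of all valid signatures in --status-fd output."""
    found = []
    for line in status_text.splitlines():
        if not line.startswith(PREFIX):
            continue                      # not a status line
        fields = line[len(PREFIX):].split()
        if not fields:
            continue
        keyword, args = fields[0], fields[1:]
        if keyword in REJECT:
            raise ValueError("signature rejected: " + keyword)
        if keyword == "VALIDSIG" and args:
            # args[0] = signing (sub)key fpr; args[9] = primary key fpr if present
            found.append((args[9] if len(args) > 9 else args[0]).upper())
    return found

def signed_by_expected(status_text, expected_fprs):
    """True only if at least one signature exists and all are from expected keys."""
    want = {fp.replace(" ", "").upper() for fp in expected_fprs}
    try:
        fprs = signer_fingerprints(status_text)
    except ValueError:
        return False
    return bool(fprs) and all(fp in want for fp in fprs)

# Constructed sample data (hypothetical fingerprints and user IDs).
ALICE = "0123456789ABCDEF0123456789ABCDEF01234567"
MALLORY = "F" * 40

def sample_status(fpr, uid):
    return "\n".join([
        "[GNUPG:] NEWSIG",
        "[GNUPG:] GOODSIG %s %s" % (fpr[-16:], uid),
        "[GNUPG:] VALIDSIG %s 2017-10-26 1509069697 0 4 0 1 8 00 %s" % (fpr, fpr),
    ])

FROM_ALICE = sample_status(ALICE, "Alice <alice@example.org>")
# A different key whose user ID carries Alice's address: the signature is good
# and the e-mail matches, so only the fingerprint tells the two apart.
FROM_MALLORY = sample_status(MALLORY, "Alice <alice@example.org>")
BAD = "[GNUPG:] BADSIG 89ABCDEF01234567 Alice <alice@example.org>"

if __name__ == "__main__":
    for name, st in [("alice", FROM_ALICE), ("mallory", FROM_MALLORY), ("bad", BAD)]:
        print(name, signed_by_expected(st, [ALICE]))
```

Give --status-fd a descriptor that carries nothing else, so that decrypted content cannot contribute lines that look like status output.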

Re: Verify that the file is from who I expect it to be from

2017-10-27 Thread Werner Koch
On Fri, 27 Oct 2017 06:01, dan.ho...@redbone.co.nz said:
> gpg2 --verify-sign

Verification against a set of known keys is done using gpgv

    gpgv FILE

which uses ~/.gnupg/trustedkeys.gpg. To specify another file with keys you use

    gpgv --keyring KEYRING FILE

here is how we do this when bu

Re: Verify that the file is from who I expect it to be from

2017-10-26 Thread Shawn K. Quinn
On 10/26/2017 11:01 PM, Dan Horne wrote:
> Yes - that's what my OP meant - Verifying the key. But I'm hoping to
> avoid grepping the output. What I'd love to do is provide the key I want
> verified and for GnuPG to confirm e.g. something like the following
> would be fab:
>
> gpg2 --verify-sign

Re: Verify that the file is from who I expect it to be from

2017-10-26 Thread Dan Horne
Yes - that's what my OP meant - Verifying the key. But I'm hoping to avoid grepping the output. What I'd love to do is provide the key I want verified and for GnuPG to confirm e.g. something like the following would be fab:

gpg2 --verify-sign

On 27 October 2017 at 15:08, Antony Prince wrote:

Re: Verify that the file is from who I expect it to be from

2017-10-26 Thread Dan Horne
Thanks - I get the line saying "good signature" in my message, but are you saying that I have to grep the output for the message and the email address of the encryptor?

Re: Verify that the file is from who I expect it to be from

2017-10-26 Thread Antony Prince
You need to verify the key that signed it. A valid signature means nothing. A malicious actor could sign any message or data with a valid, verifiable key and send it to you. The heart of the matter is the key that signed it. Gnupg tells you which key signed the data, usually by long key ID IIRC.

Re: Verify that the file is from who I expect it to be from

2017-10-26 Thread Robert J. Hansen
> maybe I'm missing something, but how do I verify not only that an
> encrypted file is signed, but that it is signed by the party I expect to
> have signed it?

Look for output like:

=
Signature made 10/26/17 22:01:37 Eastern Daylight Time using RSA key CC11BE7CBBED77B120F37B01

Verify that the file is from who I expect it to be from

2017-10-26 Thread Dan Horne
Hi all

maybe I'm missing something, but how do I verify not only that an encrypted file is signed, but that it is signed by the party I expect to have signed it? In other words, if two parties can supply a file with the same name I want to make sure that when I think I'm dealing with a file from p