On Sun, Jun 05, 2016 at 03:04:07PM +0200, Werner Koch wrote:
> On Sun, 5 Jun 2016 13:24, [email protected] said:
>
> > However, given a file with a bad signature, I still need
> > --display-charset utf-8 to get utf-8 output regardless of locale:
>
> Use --status-fd 2.  --with-colons is only used for keylistings.  Error
> messages etc. are sent to the status fd, prefixed with "[GNUPG:]".
> Ignore all other output to stderr.

In production code I actually use this to verify the signature on
clearsigned text submitted via a web form:

1. I create a temporary directory and use it also as a blank gnupg
   homedir
2. I import the trusted key into it, taken from the user database,
   where only the key matching the user-provided fingerprints actually
   gets imported
3. /usr/bin/gpg --homedir …/data/tmp_keyrings/tmpKG5IVZ -q --no-options
   --no-auto-check-trustdb --trust-model always --with-colons --fixed-list-mode
   --with-fingerprint --no-permission-warning --no-tty --batch --display-charset
   utf-8 --status-fd 3 --logger-fd 4 --decrypt
   …/data/tmp_keyrings/tmpKG5IVZ/data.txt

The actual function is at
http://anonscm.debian.org/cgit/nm/nm2.git/tree/keyring/models.py#n159

Indeed, out of habit, in case gnupg exited with a nonzero error code I was
looking at stderr instead of the status-fd.

Enrico
--
GPG key: 4096R/634F4BD1E7AD5568 2009-05-08 Enrico Zini <[email protected]>
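
Added example, not part of the original message and not the nm2 code: a minimal Python check that decides the verification result only from `[GNUPG:]` status lines, as advised in the quoted reply, and ignores any other text that shares the stream. The function names, fingerprint, key ID and user ID are assumptions constructed for illustration.

```python
# Added example (not from nm2): judge a signature from --status-fd output only.
PREFIX = "[GNUPG:] "
FAILURES = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG",
            "NO_PUBKEY", "NODATA"}

def parse_status(raw):
    """Return (keyword, args) pairs for status lines; drop all other output."""
    records = []
    for line in raw.decode("utf-8", errors="replace").splitlines():
        if not line.startswith(PREFIX):
            continue  # localized, human-oriented text: never parse this
        keyword, _, rest = line[len(PREFIX):].partition(" ")
        records.append((keyword, rest.split()))
    return records

def signed_by(raw, expected_fpr):
    """True only if a VALIDSIG names expected_fpr and no failure was reported."""
    expected = expected_fpr.replace(" ", "").upper()
    ok = False
    for keyword, args in parse_status(raw):
        if keyword in FAILURES:
            return False
        if keyword == "VALIDSIG" and args:
            # Field 10 is the primary key fingerprint; field 1 the signing (sub)key.
            primary = args[9] if len(args) >= 10 else args[0]
            if primary.upper() != expected:
                return False
            ok = True
    return ok

# Constructed sample data: fingerprint, key ID and user ID are made up.
FPR = "0123456789ABCDEF0123456789ABCDEF01234567"
GOOD_OUTPUT = (
    "gpg: Signature made Sun 05 Jun 2016 15:04:07 CEST\n"
    "[GNUPG:] NEWSIG\n"
    "[GNUPG:] GOODSIG 89ABCDEF01234567 Example User <user@example.org>\n"
    "[GNUPG:] VALIDSIG " + FPR + " 2016-06-05 1465131847 0 4 0 1 8 01 " + FPR + "\n"
).encode()
BAD_OUTPUT = (
    "gpg: Signatur vom So 05 Jun 2016 15:04:07 CEST\n"  # localized stderr text
    "[GNUPG:] BADSIG 89ABCDEF01234567 Example User <user@example.org>\n"
).encode()

if __name__ == "__main__":
    print(signed_by(GOOD_OUTPUT, FPR), signed_by(BAD_OUTPUT, FPR))
```

The check fails closed: missing status output, any failure keyword, or a VALIDSIG for a different primary fingerprint all return False.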

