Note that the above user-visible output (not the exit code) pretends to report success, which is likely to make direct or scripted human users accept the wrong signature.

This is the behavior at fault in the EFAIL paper of a few years ago.

--status-fd is a particularly horrible interface for shell scripting use,
as it requires setting up an additional temporary file and overly complex
parsing commands to distinguish different outcomes.

Either use a better shell with support for the processing behavior you need, or else write your verifier in Perl or Python and do the stuff there. You could also probably do it in awk.



_______________________________________________
Gnupg-users mailing list
[email protected]
https://lists.gnupg.org/mailman/listinfo/gnupg-users
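
As an added illustration of the Python route suggested in the reply (this code is not from the thread or from the GnuPG project): a verifier that decides only from the `[GNUPG:]` status lines and the exit code, never from the human-readable text, and reads the status stream from a pipe so no temporary file is needed. The function names, the fingerprint and the sample status lines are constructed for the example.

```python
import subprocess

# Status keywords (GnuPG doc/DETAILS) that mean the signature must be rejected.
REJECT = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}

FPR = "0123456789ABCDEF0123456789ABCDEF01234567"  # constructed fingerprint
# Constructed status output, shaped like what gpg writes to --status-fd.
GOOD = ("[GNUPG:] NEWSIG\n"
        "[GNUPG:] GOODSIG 89ABCDEF01234567 Example Signer <signer@example.org>\n"
        "[GNUPG:] VALIDSIG " + FPR + " 2024-01-01 1704067200 0 4 0 1 10 00 " + FPR + "\n")
BAD = "[GNUPG:] BADSIG 89ABCDEF01234567 Example Signer <signer@example.org>\n"
EXPIRED = GOOD.replace("GOODSIG", "EXPKEYSIG")  # constructed: expired signing key


def verdict(status_text, trusted_fprs):
    """Return (ok, reason) from --status-fd output; anything unclear fails."""
    valid = []
    for line in status_text.splitlines():
        if not line.startswith("[GNUPG:] "):
            continue  # human-readable text never influences the decision
        fields = line.split()[1:]
        if not fields:
            continue
        keyword, args = fields[0], fields[1:]
        if keyword in REJECT:
            return False, keyword
        if keyword == "VALIDSIG" and args:
            # 10th field is the primary key fingerprint when gpg supplies it;
            # otherwise fall back to the signing key fingerprint (1st field).
            valid.append(args[9] if len(args) >= 10 else args[0])
    if len(valid) != 1:
        return False, "expected exactly one VALIDSIG, got %d" % len(valid)
    if valid[0].upper() not in trusted_fprs:
        return False, "signer not pinned: " + valid[0]
    return True, valid[0]


def verify_file(sig_path, data_path, trusted_fprs):
    """Run gpg with status lines on stdout and require a zero exit code too."""
    proc = subprocess.run(
        ["gpg", "--batch", "--status-fd", "1", "--verify", sig_path, data_path],
        stdout=subprocess.PIPE, stderr=subprocess.DEVNULL, text=True)
    ok, reason = verdict(proc.stdout, trusted_fprs)
    return ok and proc.returncode == 0, reason
```
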
