On Tue, 2011-10-04 at 11:09 -0700, H. Peter Anvin wrote: > gpgv is only usable to verify contents (equivalent to gpg --verify). > For other things you need to use gpg's --status-fd feature, *or* > (perhaps better) run gpgv on the output to verify that you actually got > a good signature.
Hmm, gpgv is not quite equivalent to gpg --verify. With gpgv I get the following error: $ gpgv /tmp/gpgvmail-s.x /tmp/gpgvmail-d.x gpgv: keyblock resource `/home/rostedt/.gnupg/trustedkeys.gpg': file open error gpgv: Signature made Tue 04 Oct 2011 02:35:50 PM EDT using RSA key ID C66DAA00 gpgv: Can't check signature: public key not found I don't have a "trustedkeys.gpg" file. Do I need to generate one? Using gpg --verify, it doesn't complain: $ gpg --verify /tmp/gpgvmail-s.x /tmp/gpgvmail-d.x gpg: Signature made Tue 04 Oct 2011 02:35:50 PM EDT using RSA key ID C66DAA00 gpg: Good signature from "Steven Rostedt (Der Hacker) <[email protected]>" -- Steve _______________________________________________ Quilt-dev mailing list [email protected] https://lists.nongnu.org/mailman/listinfo/quilt-dev
