On Tue, 2011-10-04 at 12:41 -0700, H. Peter Anvin wrote: > On 10/04/2011 12:38 PM, Steven Rostedt wrote: > > > > Hmm, gpgv is not quite equivalent to gpg --verify. With gpgv I get the > > following error: > > > > $ gpgv /tmp/gpgvmail-s.x /tmp/gpgvmail-d.x > > gpgv: keyblock resource `/home/rostedt/.gnupg/trustedkeys.gpg': file open > > error > > gpgv: Signature made Tue 04 Oct 2011 02:35:50 PM EDT using RSA key ID > > C66DAA00 > > gpgv: Can't check signature: public key not found > > > > > > I don't have a "trustedkeys.gpg" file. Do I need to generate one? > > > > Using gpg --verify, it doesn't complain: > > > > $ gpg --verify /tmp/gpgvmail-s.x /tmp/gpgvmail-d.x > > gpg: Signature made Tue 04 Oct 2011 02:35:50 PM EDT using RSA key ID > > C66DAA00 > > gpg: Good signature from "Steven Rostedt (Der Hacker) <[email protected]>" > > > > gpgv looks at trustedkeys.gpg by default; it's just a different public > keyring. The *big* difference between gpgv and gpg is that the former > doesn't consult the trustdb *at all*.
But I'm using this to test what it generated. Not what it received. If you don't trust your own keys than what should you trust ;) I'm going to use gpg to generate your own key, then run this to test if it worked. I guess I could add an option to verify before you send if you are paranoid. quilt mail --send --sign --verify ... Without --verify, it can use gpg to still make sure the key works, with --verify it would use gpgv. Oh this reminds me. I need to change --pass to --sign. -- Steve _______________________________________________ Quilt-dev mailing list [email protected] https://lists.nongnu.org/mailman/listinfo/quilt-dev
