Re: [RFC] Authenticate push via PGP signature, not SSH

Shawn O. Pearce wrote:
> I just read the GnuPG manual and you are obviously correct.  The only
> way to get GnuPG to process a key is to load it onto a keyring.
> We could extract the armored (or binary) public key and load it
> onto a temporary keyring created just for the purpose of verifying
> this connection, but that's rather messy.

It should be fine just to throw the lot into a single keyring, and just
check which key verified it after the fact and whether that key was allowed.

The Perl Crypt::OpenPGP module doesn't suffer from this problem (and is
performant), though it suffers from a dependency stack that will hurt
everyone except Debian users ;-).

I think this is a non-issue.

>> $ gpg --keyring path/to/the/keyring.gpg --quiet --batch --status-fd 1 --verify some-file.tar.gz.gpg 2>|/dev/null
>> [GNUPG:] SIG_ID dw0VliO0DFjOQA3HUSHijYekQYY 2008-01-29 1201633002
>> [GNUPG:] GOODSIG BC6AFB5BA1EE761C Pierre Habouzit <pierre.habouzit@xxxxxxxxxxxxxxxxx>
>> [GNUPG:] VALIDSIG 72B4C59ADA78D70E055C129EBC6AFB5BA1EE761C 2008-01-29 1201633002 0 3 0 17 2 00 72B4C59ADA78D70E055C129EBC6AFB5BA1EE761C
^^^ there GPG just told you which key was used.
>> [GNUPG:] TRUST_ULTIMATE

Sam.
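
The check described in the message above (one shared keyring, then look at which key verified the data and whether that key is allowed), as an added example that is not part of the original message or of git. The allowlist, the `sample` helper and the second fingerprint are constructed for illustration; the status-line layout follows the `--status-fd` output quoted above.

```python
# Added example: authorize a push from gpg --status-fd output.
PREFIX = "[GNUPG:] "
FPR = "72B4C59ADA78D70E055C129EBC6AFB5BA1EE761C"    # fingerprint quoted above
OTHER = "0123456789ABCDEF0123456789ABCDEF01234567"  # constructed fingerprint
ALLOWED = {FPR}                                     # hypothetical allowlist
# Status keywords that veto the signature even if VALIDSIG is also present.
FATAL = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}


def signer_fingerprint(status_text):
    """Return the primary-key fingerprint of the one valid signature, else None."""
    valid = []
    for line in status_text.splitlines():
        if not line.startswith(PREFIX):
            continue  # ignore anything that is not a status line
        fields = line[len(PREFIX):].split()
        if not fields:
            continue
        keyword, args = fields[0], fields[1:]
        if keyword in FATAL:
            return None
        if keyword == "VALIDSIG" and args:
            # args[0] is the signing (sub)key; the 10th field, when present,
            # is the primary key, which is what an allowlist should name.
            valid.append((args[9] if len(args) >= 10 else args[0]).upper())
    # Zero signatures, or several, is ambiguous for a push: refuse.
    return valid[0] if len(valid) == 1 else None


def is_authorized(status_text, allowed=ALLOWED):
    """True only if exactly one valid signature was made by an allowed key."""
    fpr = signer_fingerprint(status_text)
    return fpr is not None and fpr in allowed


def sample(fpr, keyword="GOODSIG"):
    """Build constructed status output shaped like the lines quoted above."""
    return (f"[GNUPG:] {keyword} {fpr[-16:]} Example Signer\n"
            f"[GNUPG:] VALIDSIG {fpr} 2008-01-29 1201633002 0 3 0 17 2 00 {fpr}\n"
            "[GNUPG:] TRUST_ULTIMATE\n")


if __name__ == "__main__":
    print("allowed key:        ", is_authorized(sample(FPR)))
    print("in keyring, not allowed:", is_authorized(sample(OTHER)))
    print("revoked key:        ", is_authorized(sample(FPR, "REVKEYSIG")))
```

Matching on the full fingerprint from `VALIDSIG` rather than the 64-bit key ID in `GOODSIG` keeps the authorization decision independent of what else sits in the shared keyring.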