Hallo,
2012-12-15 um 17:12:54 schrieb Peter Samuelson:
> You're right, in gpgv, it appears you _can't_ suppress the default
> keyring, ~/.gnupg/trustedkeys.gpg. So either ensure that this file
> does not exist, or set HOME or GNUPGHOME or --homedir to a location
> where it will not exist.
$ stra
[Timo Juhani Lindfors]
> Peter Samuelson writes:
> > Note that this adds a keyring to the current list. If the intent
> > is to use the specified keyring alone, use --keyring along with
> > --no-default-keyring.
>
> You probably read "man gpg" but gpgv is simpler:
>
> gpgv: Invalid
Peter Samuelson writes:
> Note that this adds a keyring to the current list. If the intent
> is to use the specified keyring alone, use --keyring along with
> --no-default-keyring.
You probably read "man gpg" but gpgv is simpler:
gpgv: Invalid option "--no-default-keyring"
--
To U
[Timo Juhani Lindfors]
> Is
>
> /usr/bin/gpgv --quiet --keyring /etc/myprogram/trusted.gpg file file.sig
> chmod a+x file
> ./file
>
> still a safe way to ensure that only code signed by a key in trusted.gpg
> gets executed?
>From the manpage:
Note that this adds a keyring to the current l
* Ansgar Burchardt [121214 16:18]:
> 2, Not asking gpg to verify signatures:
>
> I also found packages that call gpg in the form "gpg $file" and expect
> gpg to verify the signature on $file and output the signed data. Indeed
> it does so for *signed* files, but if you just give it unsigned data
Ansgar Burchardt writes:
> I recently looked at several packages using gpg to verify signatures
Thanks for your work! Please try to raise this upstream so that they can
provide proper interfaces.
Is
/usr/bin/gpgv --quiet --keyring /etc/myprogram/trusted.gpg file file.sig
chmod a+x file
./file
6 matches
Mail list logo
