
bash script checking if GPG signature is valid and belongs to a key


I am trying to write a bash script that checks if a given signature is valid or not. I have two possible outputs from:

    $ gpg --no-default-keyring --keyring /etc/pubring.gpg --verify file.tgz.sig file.tgz

WRONG

    gpg: Signature made Tue 05 Apr 2011 11:01:19 CEST using RSA key ID E32804F0
    gpg: Can't check signature: public key not found

RIGHT

    gpg: Signature made Tue 05 Apr 2011 11:01:19 CEST using RSA key ID E32804F0
    gpg: Good signature from "Test key <test@localhost>"

How can I detect if the checking was right without having to parse the result?

This question is similar to Verify GPG file signature with Perl, but I would like to do that in bash (or, if really needed, Python).


Solution

  • I don't know the gpg command but does it return a different exit value for the "wrong" and "right" results? The easiest way to check this after running the command would be:

    echo $?
    

    I would expect it to return 0 if everything is OK and something else if not. So your bash script would look like:

    gpg --no-default-keyring --keyring /etc/pubring.gpg --verify file.tgz.sig file.tgz
    
    if [ $? -eq 0 ]
    then
        echo All is well.
    else
        echo Problem with signature.
    fi
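
The exit status tells you a signature verified against some key in the keyring; the title also asks whether it belongs to a particular key. As an added example (not part of the original answer), the script below reads gpg's machine-readable `--status-fd` output and compares the `VALIDSIG` fingerprint with an expected one. The function names, the sample fingerprint and the sample status lines are constructed for illustration, and rejecting expired or revoked keys is a policy choice of this example.

```bash
#!/usr/bin/env bash
# Added example, not from the original answer. The fingerprint and the
# status lines below are constructed sample values.

# Read gpg --status-fd lines on stdin. Succeed only if a VALIDSIG line names
# the expected fingerprint (signing key or its primary key) and no signature
# in the input was bad, unverifiable, expired, or from an expired/revoked key.
status_signed_by() {
    local expected tag kw fpr rest ok
    # Accept fingerprints typed with spaces or in lower case.
    expected=$(printf '%s' "$1" | tr -d ' ' | tr '[:lower:]' '[:upper:]')
    ok=1
    while read -r tag kw fpr rest; do
        [ "$tag" = "[GNUPG:]" ] || continue
        case "$kw" in
            BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG) return 1 ;;
            VALIDSIG)
                # First field: signing (sub)key; last field: primary key.
                if [ "$fpr" = "$expected" ] || [ "${rest##* }" = "$expected" ]; then
                    ok=0
                fi ;;
        esac
    done
    return "$ok"
}

# Usage: verify_signed_by KEYRING FINGERPRINT SIGFILE DATAFILE
verify_signed_by() {
    gpg --no-default-keyring --keyring "$1" --status-fd 1 \
        --verify "$3" "$4" 2>/dev/null | status_signed_by "$2"
}

# Constructed status output for the two cases shown in the question.
SAMPLE_FPR=0123456789ABCDEF0123456789ABCDEF01234567
SAMPLE_GOOD="[GNUPG:] GOODSIG 89ABCDEF01234567 Test key <test@localhost>
[GNUPG:] VALIDSIG $SAMPLE_FPR 2011-04-05 1301994079 0 4 0 1 2 00 $SAMPLE_FPR"
SAMPLE_NOKEY="[GNUPG:] ERRSIG 89ABCDEF01234567 1 2 00 1301994079 9
[GNUPG:] NO_PUBKEY 89ABCDEF01234567"

if printf '%s\n' "$SAMPLE_GOOD" | status_signed_by "$SAMPLE_FPR"; then
    echo "sample: good signature from the expected key"
fi
```

In a script, `verify_signed_by /etc/pubring.gpg "$FPR" file.tgz.sig file.tgz` can be used directly in an `if`, with `$FPR` set to the full fingerprint of the key you trust.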