Return codes of unsuccessful gpg --verify

Jody McIntyre jodym@oeone.com
Sat Aug 18 22:04:01 2001


I am using gpg to verify a signed XML file from a Perl script.  I have been
relying on the return code to inform me if verification has been successful.
However, when the data is simply stored, not signed, verification returns 0
despite nothing being verified:

[jodym@jodym1 bla]$ gpg --store Packages.xml
[jodym@jodym1 bla]$ gpg --verify Packages.xml.gpg
[jodym@jodym1 bla]$ echo $?
0

Compare this to the behaviour for a BAD signature:

[jodym@jodym1 bla]$ gpg --sign Packages.xml

You need a passphrase to unlock the secret key for
user: "Jody McIntyre <jodym@oeone.com>"
1024-bit DSA key, ID E2B11082, created 2000-11-27

[jodym@jodym1 bla]$ vi Packages.xml.gpg   # Corrupt the file
[jodym@jodym1 bla]$ gpg --verify Packages.xml.gpg
gpg: Signature made Sat 18 Aug 2001 03:32:24 PM EDT using DSA key ID E2B11082
gpg: BAD signature from "Jody McIntyre <jodym@oeone.com>"
[jodym@jodym1 bla]$ echo $?
1

Is there any reliable way to determine if a package could be verified?  Do
I need to look for "Good signature" in gpg's output?

Thanks,
Jody
--
Jody McIntyre, jodym@oeone.com - OEone Corporation, Hull, Quebec, Canada
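
One way to make the check asked about above reliable, added here as an example and not part of the original message: have gpg emit machine-readable status lines with --status-fd and accept only when a VALIDSIG from an expected key fingerprint is present and no failure status appears, ignoring the exit code. It is written in Python rather than the poster's Perl; the function names, the fingerprint allow-list and the sample status lines are constructed assumptions.

```python
import subprocess

# Constructed status-fd samples (not captured from a real run); the
# fingerprint and key ID are made-up placeholders.
FPR = "0123456789ABCDEF0123456789ABCDEF01234567"
STORED_ONLY = "[GNUPG:] PLAINTEXT 62 998171041 Packages.xml\n"
GOOD = ("[GNUPG:] GOODSIG 89ABCDEF01234567 Example Signer <signer@example.org>\n"
        f"[GNUPG:] VALIDSIG {FPR} 2001-08-18 998163144\n")
BAD = "[GNUPG:] BADSIG 89ABCDEF01234567 Example Signer <signer@example.org>\n"

# Status keywords treated as a hard failure (a conservative policy choice).
FAILURES = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG", "NODATA"}


def signature_ok(status_text, trusted_fprs):
    """True only if at least one VALIDSIG is present, every VALIDSIG comes
    from a fingerprint in trusted_fprs, and no failure status was emitted."""
    valid = []
    for line in status_text.splitlines():
        if not line.startswith("[GNUPG:] "):
            continue  # ignore anything that is not a status line
        fields = line.split()
        if len(fields) < 2:
            continue
        keyword, args = fields[1], fields[2:]
        if keyword in FAILURES:
            return False
        if keyword == "VALIDSIG" and args:
            valid.append(args[0].upper())  # first argument is the fingerprint
    # No signature at all (the "gpg --store" case) yields an empty list.
    return bool(valid) and all(fpr in trusted_fprs for fpr in valid)


def gpg_verify(path, trusted_fprs):
    """Run gpg on a file and judge by its status lines, not its exit code."""
    proc = subprocess.run(
        ["gpg", "--batch", "--status-fd", "1", "--verify", path],
        stdout=subprocess.PIPE, stderr=subprocess.DEVNULL, text=True)
    return signature_ok(proc.stdout, trusted_fprs)
```

Matching on the full fingerprint in VALIDSIG, rather than on the "Good signature" text, also rejects a valid signature made by a key that is in the keyring but not expected for this file.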
