Best way to catch INSECURE unverified sig status when shelling out to gpg?

Grant Olson kgo at grant-olson.net
Sun Feb 10 00:09:49 CET 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

I'm currently writing a plugin that allows you to OpenPGP sign/verify
ruby software packages:

https://github.com/grant-olson/rubygems-openpgp

Right now I'm just shelling out to gpg and checking the status code to
determine success or failure.  When I have an unverified but good
signature I don't get an error code.

What is the best way to check for this?  I presume something like
stdout.include?("INSECURE") is not localization friendly.

Thanks,

- -- 
- -Grant

"Look around! Can you construct some sort of rudimentary lathe?"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAwAGBQJRFtc4AAoJEP5F5V2hilTWCcwIAJoMsbwQ1GikobJD5vnnPwG9
+UmU5ZNKW6gNLDru28/a3VZNKgzdViaCHSfL8XNbm+CzioycImppQvMzliRwminT
filk7KYwnBmMJLEq8Nt1tY93L9Bl+6lWdmDvDRzOyEYpv3iWB8uBd37CacodXiV3
tM3lM0m04A4E/+QDsZ+2tHMzrcuz2gcFPKUC6nh2LzT+0tfsVA1SWQb3Z+3jdvEN
Dn+mE+NyazxgcTcF+syJiRFXza1nFDkQhdkiS4e6wFzvxqLmxJQfoH2Nj18zt6OM
SjZDEmzafnrDl7qxQtCaABH2+cP/CvOLki93YV9nOEQ9nwRAkVy3I73/Iajmw1g=
=+EnS
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list