Fwd: (No Subject)

Jeff Hanson jhansonxi at gmail.com
Wed Jan 2 22:33:44 CET 2013 

Re: Obtain a signature ID with only a sig file?

Thanks.  Based on that this also worked:
wget http://<detached sig>.gpg --output-document=- | gpg --verify -
/dev/null


I'm writing a kickstart script for Ubuntu and needed a way to test a
repository connection before using apt.  The problem with apt is that it
doesn't have a way to test for connectivity with a specific repository.  I
wanted to test for connectivity of a newly added repo by downloading the
smallest verifiable file available (because of ISP data transfer caps)  and
the Release.gpg is best target I've found.  Even better is being able to
get a verifiable key ID without having to make a temporary file.  I'm not
worried about verifying the Release list since apt will download that and
it's own copy of the sig for verification.  I just wanted to catch 404
error pages and the like without having apt download the package lists of
every repo (many MB each).


---------- Forwarded message ----------
From: Anonymous Remailer (austria) <mixmaster at remailer.privacy.at>
Date: Wed, Jan 2, 2013 at 3:17 PM
Subject: (No Subject)
To: jhansonxi at gmail.com, gnupg-users at gnupg.org



Jeff Hanson wrote:

> Is there a way to obtain the signature ID from
> a detached sig file without the signed file?
> I haven't been able to get anything out
> of gpg without both files present.
>


echo|gpg --verify detached.sig -


follow:

$ gpg -b -u testkey foobar

$ gpg --verify foobar.sig
gpg: Signature made 01/02/13 00:00:00 using DSA key ID DEADBEEF
gpg: Good signature from "testkey (testkey)"

$ del foobar

$ echo|gpg --verify foobar.sig -
gpg: Signature made 01/02/13 00:00:00 using DSA key ID DEADBEEF
gpg: BAD signature from "testkey (testkey)"

$ gpg --delete-secret-and-public-key testkey

sec  1024D/DEADBEEF 2013-01-02 testkey (testkey)

Delete this key from the keyring? (y/N) y
This is a secret key! - really delete? (y/N) y

pub  1024D/DEADBEEF 2013-01-02 testkey (testkey)

Delete this key from the keyring? (y/N) y

$ echo|gpg --verify foobar.sig -
gpg: Signature made 01/02/13 00:00:00 using DSA key ID DEADBEEF
gpg: Can't check signature: public key not found

$
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20130102/d7b37b2b/attachment.htm>

More information about the Gnupg-users mailing list