How to detect extraneous content in clearsigned (--clearsign) files?

[Werner Koch]

On Mon, 12 Jan 2015 19:52, patrick-mailinglists at whonix.org said:

> However, what works for me is this:
>
> gpg --output ./out --verify ./sha512sums.asc

We are both wrong.  --verify does only a verify and nothing else.
Running without --verify writes the actual signed data to the file.

> When it exits 0, then this approach is sound, sane and fine?

You better check the status lines; in particular watch out for

  [GNUPG:] VALIDSIG E4B868C8F90C.....

or use gpgv.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.