Are there cases where gpg --verify will exit 0, even if verification failed?

Patrick Schleizer patrick-mailinglists at whonix.org
Wed Jan 14 17:40:34 CET 2015


Werner Koch:
> On Wed, 14 Jan 2015 14:40, dkg at fifthhorseman.net said:
> 
>> gpg does use the return code to indicate failure of signature
>> verification.
> 
> But recall that success does not mean that the signature is good.
> Check the status output or use gpgv.

Do you mean, for example, the signature could be valid, but the key that
signed it could be revoked and gpg would still exit 0?

Or can you tell another example please where gpg would exit 0, but where
where the signature is bad?




More information about the Gnupg-users mailing list