|
|
|
|
|
|
by figmert
115 days ago
|
|
|
One of my use-cases previously has been enforcing ultimate or fully trust of a gpg signature. tmpfifo="$(mktemp -u -t gpgverifyXXXXXXXXX)"
gpg --status-fd 3 --verify checksums.txt.sig checksums.txt 3>$tmpfifo
grep -Eq '^\[GNUPG:] TRUST_(ULTIMATE|FULLY)' $tmpfifo
It was a while ago since I implemented this, but iirc the reason for that was to validate that the key that has signed this is actually trusted, and the signature isn't just cryptographically valid.You can also redirect specific file descriptors into other commands: gpg --status-fd 3 --verify checksums.txt.sig checksums.txt 3>(grep -Eq '^\[GNUPG:] TRUST_(ULTIMATE|FULLY)')
|
|
|