@c Copyright (C) 2004 Free Software Foundation, Inc.
@c This is part of the GnuPG manual.
@c For copying conditions, see the file GnuPG.texi.

@c This is included by tools.texi.

@c Begin standard stuff
@section Verify OpenPGP signatures
\- Verify OpenPGP signatures

@code{@gpgvname} is an OpenPGP signature verification tool.

This program is actually a stripped-down version of @code{gpg} which is
only able to check signatures. It is somewhat smaller than the full-blown
@code{gpg} and uses a different (and simpler) way to check that
the public keys used to make the signature are valid. There are
no configuration files and only a few options are implemented.

@code{@gpgvname} assumes that all keys in the keyring are trustworthy.
This also means that it does not check for expired or revoked

By default a keyring named @file{trustedkeys.kbx} is used; if that
does not exist a keyring named @file{trustedkeys.gpg} is used. The
default keyring is assumed to be in the home directory of GnuPG,
either the default home directory or the one set by an option or an
environment variable. The option @code{--keyring} may be used to
specify a different keyring or even multiple keyrings.

@code{@gpgvname} recognizes these options:

Gives more information during processing. If used
twice, the input data is listed in detail.

Try to be as quiet as possible.

@item --keyring @var{file}
Add @var{file} to the list of keyrings.
If @var{file} begins with a tilde and a slash, these
are replaced by the HOME directory. If the filename
does not contain a slash, it is assumed to be in the
home-directory ("~/.gnupg" if --homedir is not used).

@item --output @var{file}
Write output to @var{file}; to write to stdout use @code{-}. This
option can be used to get the signed text from a cleartext or binary
signature; it also works for detached signatures, but in that case
this option is in general not useful. Note that an existing file will

@item --status-fd @var{n}
Write special status strings to the file descriptor @var{n}. See the
file DETAILS in the documentation for a listing of them.

@item --logger-fd @code{n}
Write log output to file descriptor @code{n} and not to stderr.

@item --ignore-time-conflict
@opindex ignore-time-conflict
GnuPG normally checks that the timestamps associated with keys and
signatures have plausible values. However, sometimes a signature seems to
be older than the key due to clock problems. This option turns these
checks into warnings.

@include opt-homedir.texi

@item --weak-digest @code{name}
Treat the specified digest algorithm as weak. Signatures made over
weak digest algorithms are normally rejected. This option can be
supplied multiple times if multiple algorithms should be considered
weak. MD5 is always considered weak, and does not need to be listed

@item --enable-special-filenames
@opindex enable-special-filenames
This option enables a mode in which filenames of the form
@file{-&n}, where n is a non-negative decimal number,
refer to the file descriptor n and not to a file with that name.

@mansect return value

The program returns 0 if everything is fine, 1 if at least
one signature was bad, and other error codes for fatal errors.

@item @gpgvname @code{pgpfile}
@itemx @gpgvname @code{sigfile} [@code{datafile}]
Verify the signature of the file. The second form is used for detached
signatures, where @code{sigfile} is the detached signature (either
ASCII-armored or binary) and @code{datafile} contains the signed data;
if @code{datafile} is "-" the signed data is expected on
@code{stdin}; if @code{datafile} is not given the name of the file
holding the signed data is constructed by cutting off the extension
(".asc", ".sig" or ".sign") from @code{sigfile}.
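
The following wrapper is an added example, not part of the GnuPG manual. It combines the detached-signature form, @code{--keyring}, @code{--status-fd} and the return value described above, and, because every key in the keyring is accepted, additionally pins the fingerprint reported on the VALIDSIG status line. The function names @code{status_verdict} and @code{verify_detached} are hypothetical; the status keywords are those listed in the file DETAILS.

```sh
#!/bin/sh
# Added example (not from the GnuPG manual). Function names are hypothetical.

# status_verdict FINGERPRINT
# Reads --status-fd lines on stdin. Prints "ok" and returns 0 only if no
# signature failed and one VALIDSIG line names the pinned fingerprint (the
# first VALIDSIG field: the key, possibly a subkey, that made the signature).
status_verdict() {
    want=$1; seen=0; pinned=0
    while read -r tag kw arg rest; do
        [ "$tag" = "[GNUPG:]" ] || continue
        case $kw in
            BADSIG|ERRSIG|NO_PUBKEY)
                echo "rejected:$kw"; return 1 ;;
            VALIDSIG)
                seen=1
                if [ "$arg" = "$want" ]; then pinned=1; fi ;;
        esac
    done
    if [ "$seen" -ne 1 ]; then echo "rejected:no-valid-signature"; return 1; fi
    if [ "$pinned" -ne 1 ]; then echo "rejected:unpinned-key"; return 1; fi
    echo "ok"
}

# verify_detached SIGFILE DATAFILE KEYRING FINGERPRINT
# KEYRING should contain a slash; a bare file name is looked up in the
# GnuPG home directory. Log output stays on stderr, status lines go to stdout.
verify_detached() {
    rc=0
    out=$(gpgv --keyring "$3" --status-fd 1 -- "$1" "$2") || rc=$?
    # Exit code 1 means at least one bad signature, other values a fatal error.
    if [ "$rc" -ne 0 ]; then echo "rejected:gpgv-exit-$rc"; return 1; fi
    printf '%s\n' "$out" | status_verdict "$4"
}
```
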

@subsection Environment

Used to locate the default home directory.

If set, this directory is used instead of "~/.gnupg".

@item ~/.gnupg/trustedkeys.gpg
The default keyring with the allowed keys.

@include see-also-note.texi