
Re: issue 4587: Verifying multiple OpenPGP signatures on a release

From: Julian Foad <julianfoad_at_btopenworld.com>
Date: Thu, 13 Aug 2015 13:08:34 +0100

Andreas Stieger wrote:
> The following splits and verifies all signatures:
> csplit --elide-empty-files --prefix=sig --suffix-format=%0d2.asc subversion-1.9.0.tar.bz2.asc '/^-----BEGIN PGP SIGNATURE-----$/' '{*}'
> for X in sig*.asc; do gpg --verify $X subversion-1.9.0.tar.bz2; done

Yes, that works, even though you seem to have a typo: you probably
meant --suffix-format=%02d.asc.

However, a good solution would be easy and reliable for novice users,
and would work on a wide range of operating systems.

> The same could be done in awk.

Yes.

> In 2013 gpg was noted to not support multiple signatures if the signing keys differ in type/digest:
> http://www.eyrie.org/~eagle/journal/2013-01/011.html

Yes, I noted that in the issue, and I pointed to a thread where that
was briefly discussed.

- Julian
Received on 2015-08-13 20:11:02 CEST
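
The awk variant mentioned in the thread, as an added example that is not part of the original mail or of the Subversion project's tooling. It uses the %02d numbering from Julian's correction; the function names split_sigs and verify_all are hypothetical, and mktemp and gpg are assumed to be installed.

```shell
#!/bin/sh
# Added example: split a file holding several concatenated ASCII-armored
# signatures into one file per signature, then verify each one separately.

# split_sigs ASCFILE OUTDIR
# Writes OUTDIR/sig01.asc, sig02.asc, ... and prints how many were written.
split_sigs() {
    awk -v dir="$2" '
        { sub(/\r$/, "") }                      # tolerate CRLF line endings
        /^-----BEGIN PGP SIGNATURE-----$/ {
            if (out != "") close(out)
            n++
            out = sprintf("%s/sig%02d.asc", dir, n)
        }
        out != "" { print > out }               # copy only lines inside a block
        /^-----END PGP SIGNATURE-----$/ {
            if (out != "") close(out)
            out = ""
        }
        END { print n + 0 }
    ' "$1"
}

# verify_all ASCFILE DATAFILE
# Succeeds only if at least one signature was found and every one verifies.
# gpg --verify also exits non-zero when the signer's public key is missing,
# so an unknown key counts as a failure here rather than being skipped.
verify_all() {
    tmp=$(mktemp -d) || return 2
    count=$(split_sigs "$1" "$tmp")
    failed=0
    for sig in "$tmp"/sig*.asc; do
        [ -e "$sig" ] || continue
        if gpg --verify "$sig" "$2"; then
            echo "GOOD:   ${sig##*/}"
        else
            echo "FAILED: ${sig##*/}"
            failed=$((failed + 1))
        fi
    done
    rm -rf "$tmp"
    [ "$count" -gt 0 ] && [ "$failed" -eq 0 ]
}

# Usage: verify_all subversion-1.9.0.tar.bz2.asc subversion-1.9.0.tar.bz2
```

Treating "no signatures found" as a failure matters: a loop over an empty or truncated .asc file would otherwise report success without checking anything.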

This is an archived mail posted to the Subversion Dev mailing list.
