Verify Detached Signature With Public Key File
Command to verify a detached signature against a data file using a public key.
```bash
#!/bin/bash
# Verify Detached Signature With Public Key File
gpg --dearmor -o <path/to/pubkey.gpg> <path/to/pubkey.txt> && gpgv --keyring <path/to/pubkey.gpg> <path/to/signature.asc> <path/to/data_file>
```
When To Use
During a software distribution validation process.
Pro Tip
Use the `--batch` option to suppress prompts for unattended verification in CI environments.
Anatomy of Output
Understanding the result
- `gpg: signature made Fri 01 Jan 2021 12:00:00 PM UTC using RSA key ID ABCD1234`
  Signature Info: Indicates the date the signature was generated and the key used.
- `gpg: Good signature from "John Doe <john@example.com>"`
  Signature Status: Confirms the integrity and authenticity of the data.
- `gpg: 3 signatures not checked due to missing keys`
  Missing Keys: Warning indicating other signatures could not be verified.
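For unattended use, the pass/fail decision is better taken from gpgv's `--status-fd` lines than from the human-readable text above. The following is an added example, not part of the original page: `status_ok`, `verify_detached`, the pinned fingerprint and the sample status lines are constructed for illustration.

```bash
#!/bin/bash
# Added example: gate a CI step on gpgv's status lines, not its human-readable text.

# Constructed values (not from the page): a pinned fingerprint and sample status output.
PINNED_FPR=0123456789ABCDEF0123456789ABCDEF01234567
SAMPLE_GOOD='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 John Doe <john@example.com>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2021-01-01 1609502400 0 4 0 1 8 00 0123456789ABCDEF0123456789ABCDEF01234567'
SAMPLE_BAD='[GNUPG:] NEWSIG
[GNUPG:] BADSIG 89ABCDEF01234567 John Doe <john@example.com>'

# status_ok EXPECTED_FPR   (reads `gpgv --status-fd 1` output on stdin)
# Succeeds only if a VALIDSIG line names EXPECTED_FPR as the signing or primary
# key and no line reports a bad, unverifiable, expired or revoked signature.
status_ok() {
    local expected prefix tag f1 rest valid
    expected=$1
    valid=1
    while read -r prefix tag f1 rest; do
        [ "$prefix" = "[GNUPG:]" ] || continue
        case $tag in
            BADSIG|ERRSIG|NO_PUBKEY|EXPSIG|EXPKEYSIG|REVKEYSIG)
                return 1 ;;
            VALIDSIG)
                # f1 is the signing key's fingerprint; the last field is the
                # primary key's fingerprint.
                if [ "$f1" = "$expected" ] || [ "${rest##* }" = "$expected" ]; then
                    valid=0
                fi ;;
        esac
    done
    return "$valid"
}

# verify_detached KEYRING SIGNATURE DATA_FILE EXPECTED_FPR
# Hypothetical wrapper around the page's gpgv call; needs gpgv installed.
verify_detached() {
    gpgv --keyring "$1" --status-fd 1 "$2" "$3" 2>/dev/null | status_ok "$4"
}

printf '%s\n' "$SAMPLE_GOOD" | status_ok "$PINNED_FPR" && echo "sample: accepted"
printf '%s\n' "$SAMPLE_BAD" | status_ok "$PINNED_FPR" || echo "sample: rejected"
```

Pinning the full fingerprint means a signature from any other key that happens to be in the keyring file is rejected as well.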
Troubleshooting
Common pitfalls
gpg: no valid OpenPGP data found.
Solution: Ensure the input file is a valid GPG key file.
gpgv: Signature verification failed.
Solution: Check if the public key corresponds to the key used to sign the data.
gpg: cleartext signature, signature not checked.
Solution: Use the `--verify` option with the correct file paths.
Command Breakdown
What each part is doing
- `gpg` - Base Command
  The executable that performs the first step. The second step, after `&&`, is run by `gpgv`.
- `--dearmor` - Command Option
  Converts the ASCII-armored key file into binary OpenPGP form.
- `-o` (long form `--output`) - Command Option
  Writes the result to the file named next.
- `<path/to/pubkey.gpg>` - path to pubkey.gpg
  The value supplied to `-o`: the binary key file that is later passed to `--keyring`.
- `<path/to/pubkey.txt>` - path to pubkey.txt
  The ASCII-armored public key file to convert.
- `--keyring` - Command Option
  Tells `gpgv` which keyring file to verify against.
- `<path/to/signature.asc>` - path to signature.asc
  The detached signature file.
- `<path/to/data_file>` - Input Files
  The file whose signature is being verified.