xenial (1) gpgv2.1.gz

Provided by: gpgv2_2.1.11-6ubuntu2.1_amd64 bug

NAME
       gpgv2 - Verify OpenPGP signatures


SYNOPSIS
       gpgv2 [options] signed_files


DESCRIPTION
       gpgv2 is an OpenPGP signature verification tool.

       This  program  is  actually  a stripped-down version of gpg which is only able to check signatures. It is
       somewhat smaller than the fully-blown gpg and uses a different (and simpler) way to check that the public
       keys  used  to  make the signature are valid. There are no configuration files and only a few options are
       implemented.

       gpgv2 assumes that all keys in the keyring are trustworthy.  That does also mean that it does  not  check
       for expired or revoked keys.

       By  default  a  keyring  named  ‘trustedkeys.kbx’  is  used;  if  that  does  not  exist  a keyring named
       ‘trustedkeys.gpg’ is used.  The default keyring is assumed to be in the home directory of  GnuPG,  either
       the  default home directory or the one set by an option or an environment variable.  The option --keyring
       may be used to specify a different keyring or even multiple keyrings.


RETURN VALUE
       The program returns 0 if everything is fine, 1 if at least one signature was bad, and other  error  codes
       for fatal errors.


OPTIONS
       gpgv2 recognizes these options:

       --verbose

       -v     Gives more information during processing. If used twice, the input data is listed in detail.

       --quiet

       -q     Try to be as quiet as possible.

       --keyring file
              Add  file to the list of keyrings.  If file begins with a tilde and a slash, these are replaced by
              the HOME directory. If the filename does not contain a slash, it is assumed to  be  in  the  home-
              directory ("~/.gnupg" if --homedir is not used).

       --status-fd n
              Write  special status strings to the file descriptor n.  See the file DETAILS in the documentation
              for a listing of them.

       --logger-fd n
              Write log output to file descriptor n and not to stderr.

       --ignore-time-conflict
              GnuPG normally checks that the timestamps associated  with  keys  and  signatures  have  plausible
              values.  However, sometimes a signature seems to be older than the key due to clock problems. This
              option turns these checks into warnings.

       --homedir dir
              Set the name of the home directory to dir. If this option is not used, the home directory defaults
              to  ‘~/.gnupg’.  It is only recognized when given on the command line.  It also overrides any home
              directory stated through the environment variable ‘GNUPGHOME’ or (on Windows systems) by means  of
              the Registry entry HKCU\Software\GNU\GnuPG:HomeDir.

              On  Windows  systems it is possible to install GnuPG as a portable application.  In this case only
              this command line option is considered, all other ways to set a home directory are ignored.

              To install GnuPG as a portable application under Windows, create an empty file name  ‘gpgconf.ctl’
              in  the  same  directory  as  the  tool  ‘gpgconf.exe’.  The root of the installation is than that
              directory; or, if ‘gpgconf.exe’ has been installed directly below a  directory  named  ‘bin’,  its
              parent  directory.   You  also  need  to  make  sure  that the following directories exist and are
              writable: ‘ROOT/home’ for the GnuPG home and ‘ROOT/var/cache/gnupg2’ for internal cache files.

       --weak-digest name
              Treat the specified digest algorithm as weak.  Signatures made over weak  digests  algorithms  are
              normally  rejected.  This  option  can be supplied multiple times if multiple algorithms should be
              considered weak.  MD5 is always considered weak, and does not need to be listed explicitly.


EXAMPLES
       gpgv2 pgpfile

       gpgv2 sigfile [datafile]
              Verify the signature of the file. The second form is used for detached signatures,  where  sigfile
              is  the detached signature (either ASCII-armored or binary) and datafile contains the signed data;
              if datafile is "-" the signed data is expected on stdin; if datafile is not given the name of  the
              file  holding  the  signed  data  is  constructed  by cutting off the extension (".asc", ".sig" or
              ".sign") from sigfile.


FILES
       ~/.gnupg/trustedkeys.gpg
              The default keyring with the allowed keys.


ENVIRONMENT
       HOME   Used to locate the default home directory.

       GNUPGHOME
              If set directory used instead of "~/.gnupg".


SEE ALSO
       gpg2(1)

       The full documentation for this tool is maintained as a Texinfo manual.  If GnuPG and  the  info  program
       are properly installed at your site, the command

         info gnupg

       should give you access to the complete manual including a menu structure and an index.