5

I want to programmatically determine who has signed a GPG clear sign file. Running gpg --verify will tell me this, but it does so in a human-readable format. Is it possible to get this result in a machine-readable format?

I am not looking for methods to parse the human readable format, as it may change in future GPG versions. I need a robust solution.

5
  • What exactly do you feel is the difference between human readable and machine readable? Honestly in either case a parser has to be written. Seems sort of trivial to parse the data returned by that command.
    – Ramhound
    Commented May 19, 2014 at 18:29
  • 1
    @Ramhound: The difference is that human-readable outputs vary depending on program version, system language, date format, locale (character set)... The parser would therefore need to be several times more complex. Commented May 19, 2014 at 18:32
  • @grawity - Alright. My statement was to see if I could get provided clarification so the question is clear. I could generate a parser without a problem; everything you list would remain the same for anything I wrote.
    – Ramhound
    Commented May 19, 2014 at 18:38
  • 1
    For example, the keybase-client code at first tried to parse the human-readable format, but ended up having to account for timezones (the output contains local time); different amounts of information between versions ("skip arbitrarily many lines"); user's settings (long vs short vs 0xlong vs 0xshort key IDs)... The new code is about the same size, but is easier to understand, obtains more information, and it's more-or-less promised that the output format will remain the same. Commented May 19, 2014 at 18:38
  • In other words, it's a choice between writing robust code, and "not a bug, it works on MY machine". Commented May 19, 2014 at 18:40

1 Answer

11

For this, GnuPG has the machine-readable --status-fd format:

$ gpg --status-fd=1 --verify test.asc
gpg: Signature made Sat 01 Feb 2014 19:37:53 EET using RSA key ID C1B52632
[GNUPG:] SIG_ID LI0kgmtHFCacIrSKM9uxpc3B2jI 2014-02-01 1391276273
[GNUPG:] GOODSIG D24F6CB2C1B52632 Mantas Mikulėnas <[email protected]>
gpg: Good signature from "Mantas Mikulėnas <[email protected]>"
gpg:                 aka "Mantas Mikulėnas <[email protected]>"
[GNUPG:] NOTATION_NAME [email protected]
[GNUPG:] NOTATION_DATA 2357E10CEF4F7ED27E233AD5D24F6CB2C1B52632
[GNUPG:] VALIDSIG 2357E10CEF4F7ED27E233AD5D24F6CB2C1B52632 2014-02-01 1391276273                        0 4 0 1 2 00 2357E10CEF4F7ED27E233AD5D24F6CB2C1B52632
[GNUPG:] TRUST_ULTIMATE

The output format is documented in doc/DETAILS. (The messages are intermixed with human-readable ones because I pointed gpg to fd #1, aka stdout. A program could easily use two separate fd's for this purpose, e.g. using pipe().)

2
  • Thanks! I was playing around with --with-colons the whole time, which didn't work.
    – jornane
    Commented May 19, 2014 at 18:50
  • Note to self, and others that are interested: --with-colons is useful for parsing key output, such as --list-keys.
    – jornane
    Commented Jan 14, 2016 at 8:34
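
The approach from the answer above, as an added Python example that is not part of the original answer or of GnuPG: only lines with the `[GNUPG:] ` prefix are parsed, the signer is taken from the fingerprint in `VALIDSIG` (field positions as in the sample line in the answer), and the status stream is read from its own `pipe()`. It goes beyond the single-signature case by also handling several signatures and failed ones. The sample status text, names and fingerprints are constructed, and `parse_status`, `signers` and `verify` are hypothetical helper names.

```python
import os
import subprocess

PREFIX = "[GNUPG:] "
RESULTS = {"GOODSIG", "BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}
# Constructed sample (hypothetical names, key IDs and fingerprints), two signatures.
SAMPLE = """\
gpg: Signature made Sat 01 Feb 2014 19:37:53 EET using RSA key ID 01234567
[GNUPG:] GOODSIG 89ABCDEF01234567 Alice Example <alice@example.org>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2014-02-01 1391276273 0 4 0 1 2 00 0123456789ABCDEF0123456789ABCDEF01234567
[GNUPG:] TRUST_ULTIMATE
[GNUPG:] BADSIG FEDCBA9876543210 Bob Example <bob@example.org>
"""

def parse_status(text):
    """Return one dict per signature reported on the status stream."""
    sigs = []
    for line in text.splitlines():
        if not line.startswith(PREFIX):
            continue  # human-readable gpg output is never parsed
        keyword, _, rest = line[len(PREFIX):].partition(" ")
        if keyword in RESULTS:
            keyid, _, uid = rest.partition(" ")
            sigs.append({"result": keyword, "keyid": keyid, "fingerprint": None, "primary": None,
                         "trust": None, "uid": None if keyword == "ERRSIG" else uid})
        elif keyword == "VALIDSIG" and sigs:
            f = rest.split()  # f[0]: signing-key fingerprint, f[9]: primary-key fingerprint
            sigs[-1]["fingerprint"] = f[0] if f else None
            sigs[-1]["primary"] = f[9] if len(f) > 9 else None
        elif keyword.startswith("TRUST_") and sigs:
            sigs[-1]["trust"] = keyword[len("TRUST_"):].lower()
    return sigs

def signers(sigs):
    """Fingerprints (primary key where reported) of the signatures that verified."""
    return [s["primary"] or s["fingerprint"] for s in sigs if s["result"] == "GOODSIG" and s["fingerprint"]]

def verify(path):
    """Run gpg with the status stream on its own pipe, apart from stdout and stderr."""
    r, w = os.pipe()
    with os.fdopen(r, encoding="utf-8", errors="replace") as status:
        try:
            proc = subprocess.Popen(["gpg", "--status-fd", str(w), "--verify", path], pass_fds=(w,),
                                    stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
        finally:
            os.close(w)  # parent keeps only the read end, so read() reaches EOF
        text = status.read()
    proc.wait()
    return parse_status(text)
```

`verify()` needs a `gpg` binary on the PATH; `parse_status(SAMPLE)` runs without one.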
