GPGV Command in Linux



GPGV is a command-line utility in Linux designed specifically to verify OpenPGP signatures. It is a stripped-down version of the GPG command that is limited to checking signatures.

The GPGV command doesn't offer the full range of encryption, decryption, or key management features. Moreover, it doesn't need configuration files and supports only a few basic options. This makes the GPGV command lightweight for signature verification tasks. In this tutorial, we'll walk you through various use cases of the gpgv command in Linux.


GPGV Command in Linux

The GPGV command treats all keys in the keyring as reliable/trustworthy. It does not check for expired or revoked keys. If you don't use the --keyring option, it looks for a keyring file called "trustedkeys.kbx" (preferred) or "trustedkeys.gpg". This file is located in GnuPG's home directory.

The home directory can be the default directory, the one set by the --homedir option, or the GNUPGHOME environment variable. If you use the --keyring option, gpgv won't look for the default keyring. You can use the --keyring option with the gpgv command multiple times to include several keyrings.

Installation of GPGV Command in Linux

The gpgv command is not preinstalled on all Linux distributions. However, it is included in the gnupg or gnupg2 packages, so we can install it using the following commands −

# Debian-based systems
sudo apt install gnupg

# Arch Linux
sudo pacman -S gnupg

# Fedora-based systems
sudo dnf install gnupg2

For example, we are using Ubuntu 24.04, so we run the following command to install gpgv on our system −

sudo apt install gnupg2

Syntax of gpgv Command in Linux

You can run this command by typing gpgv followed by the signed file name. You can also add flags to customize its behavior. The below snippet shows the basic syntax of the gpgv command −

gpgv [options] fileName

It exits with one of the following status codes −

  • 0 if the verification is successful and the signature is valid.
  • 1 if at least one signature is invalid or if the file cannot be verified.
  • Other error codes for different types of fatal errors.

Options of gpgv Command

The table below shows the options recognized by the gpgv command:

| Option | Description |
|---|---|
| --verbose, -v | Provides extra details during processing. Using it twice lists the input data in greater detail. |
| --quiet, -q | Reduces the output to the minimum level of verbosity. |
| --keyring file | Adds the file to the keyring list. If the file path starts with ~, it expands to the HOME directory. If the filename lacks slashes, it defaults to ~/.gnupg unless --homedir is specified. |
| --status-fd n | Sends status messages to file descriptor n. Check the DETAILS file in the documentation for a list of possible status messages. |
| --logger-fd n | Directs log output to file descriptor n rather than stderr. |
| --ignore-time-conflict | Normally, GnuPG checks timestamps for keys and signatures. This option turns timestamp conflicts into warnings, which is helpful when clocks disagree. |
| --homedir dir | Sets the home directory to dir. If not specified, the default ~/.gnupg is used. This option overrides the GNUPGHOME environment variable or the Windows Registry entry. |
| --weak-digest name | Marks the specified digest algorithm as weak; as a result, signatures made with it are normally rejected. This option can be given multiple times for multiple algorithms. MD5 is always considered weak. |
| --enable-special-filenames | Enables a mode in which filenames of the form -&n (with n as a number) are treated as file descriptors rather than file names. |

For more details, you can refer to the official manual page of the stated command:

man gpgv

Examples of gpgv Command in Linux

Let's use some of the above-mentioned options to see how they work in practice on Linux.

  • How to Verify the Signature of a File in Linux?
  • How to Verify the Detached Signatures in Linux?
  • How to Verify the Signature of a File with a Specific Keyring?
  • How to Verify the Signature of a File with Verbose?
  • How to Suppress Output with gpgv Command?

How to Verify the Signature of a File in Linux?

We've already created a signed file named "textFile.txt.gpg". Now, we will run the gpgv command to verify the signed file:

gpgv textFile.txt.gpg

On successful execution of the command, you will see output similar to this −

gpgv: Signature made Tue 11 Sep 2024 11:00:00 AM UTC
gpgv: using RSA key ABCDEFGHIJKLMNOPQRSTUVWXYZ
gpgv: Good signature from "tutorialspoint <[email protected]>"

How to Verify the Detached Signatures in Linux?

You can run the following command to verify detached signatures, where exampleSignatureFile is the detached signature and datafile contains the signed data:

gpgv exampleSignatureFile [datafile]

If the datafile is "-", the signed data is read from stdin. If datafile is not provided, it is derived by removing the extension (".asc", ".sig", or ".sign") from exampleSignatureFile.

How to Verify the Signature of a File with a Specific Keyring?

You can run the gpgv command with the --keyring option to specify a specific keyring to use:

gpgv --keyring /path/to/keyring textFile1.txt.gpg

This example demonstrates how to use the gpgv command with a specified keyring to verify the signature of textFile1.txt.gpg.
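
Because gpgv treats every key in the keyring as trustworthy, a script that relies on it usually pairs a dedicated keyring with a check of the signer's fingerprint taken from the --status-fd output, in addition to the exit status. The following is an added example, not part of the original tutorial: the function names, the fingerprint and the sample status lines are constructed, and the VALIDSIG field layout follows GnuPG's DETAILS file.

```shell
#!/bin/sh
# Added example (not from the original tutorial). Function names, the
# fingerprint and the status lines below are constructed for illustration.

# Succeed only if the status text on stdin has at least one VALIDSIG line,
# every VALIDSIG names the pinned primary-key fingerprint ($1), and no
# BADSIG/ERRSIG line is present.
status_pinned() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        $2 == "BADSIG" || $2 == "ERRSIG" { bad = 1 }
        # VALIDSIG: field 3 is the signing-key fingerprint; the optional
        # last field (12) is the primary-key fingerprint.
        $2 == "VALIDSIG" { n++; if ((NF >= 12 ? $12 : $3) != want) bad = 1 }
        END { exit ((bad || n == 0) ? 1 : 0) }'
}

# verify_pinned KEYRING SIGFILE DATAFILE FINGERPRINT
# KEYRING should contain a slash; a bare file name is looked up in the
# GnuPG home directory instead of the current directory.
verify_pinned() {
    # Status lines go to fd 3 (captured); gpgv's log output is discarded.
    vp_status=$(gpgv --keyring "$1" --status-fd 3 "$2" "$3" 3>&1 >/dev/null 2>&1)
    vp_rc=$?
    # 1 = at least one bad signature, other non-zero values = fatal error.
    [ "$vp_rc" -eq 0 ] || return "$vp_rc"
    printf '%s\n' "$vp_status" | status_pinned "$4"
}

# Constructed sample: status output for one good signature.
PINNED_FPR=0123456789ABCDEF0123456789ABCDEF01234567
SAMPLE_STATUS="[GNUPG:] GOODSIG 89ABCDEF01234567 Example Signer <signer@example.org>
[GNUPG:] VALIDSIG $PINNED_FPR 2024-09-11 1726052400 0 4 0 1 10 00 $PINNED_FPR"

# Demo on the constructed status text (no gpgv or key material needed).
if printf '%s\n' "$SAMPLE_STATUS" | status_pinned "$PINNED_FPR"; then
    echo "sample status: signer matches the pinned fingerprint"
fi
```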

How to Verify the Signature of a File with Verbose?

You can execute the gpgv command with the --verbose option to get a detailed output:

gpgv --verbose textFile.txt.gpg

This command verifies the signature of textFile.txt.gpg and provides additional information about the verification process.

How to Suppress Output with gpgv Command?

You can use the gpgv command with the --quiet option to suppress output except for errors:

gpgv --quiet textFile.txt.gpg

This command minimizes the output and shows only errors for textFile.txt.gpg.

Conclusion

GPGV is a command-line tool in Linux designed for verifying OpenPGP signatures. Unlike the GPG command, GPGV focuses solely on signature verification, without handling encryption, decryption, or key management. It treats all keys in the keyring as trustworthy and does not check for expired or revoked keys. By default, it searches for the keyring file "trustedkeys.kbx" or "trustedkeys.gpg" in the home directory unless a different keyring is specified.

To verify a signature, simply run gpgv followed by the signed file name, adding options if needed. It returns 0 for valid signatures, 1 for invalid ones, and other codes for errors. Available options include --verbose for more details, --quiet for minimal output, and --keyring to specify a custom keyring, among others.