Programmatically determining who GPG signed a file

5

I want to programmatically determine who has signed a GPG clear sign file. Running gpg --verify will tell me this, but it does so in a human-readable format. Is it possible to get this result in a machine-readable format?

I am not looking for methods to parse the human readable format, as it may change in future GPG versions. I need a robust solution.

jornane

Posted 2014-05-19T18:26:15.053

Reputation: 977

What exactly do you feel is the difference between human readable and machine readable? Honestly in either case a parser has to be written. Seems sort of trivial to parse the data returned by that command. – Ramhound – 2014-05-19T18:29:14.033

@Ramhound: The difference is that human-readable outputs vary depending on program version, system language, date format, locale (character set)... The parser would therefore need to be several times more complex. – user1686 – 2014-05-19T18:32:26.147

@grawity - Alright. My statement was to see if I could get provided clarification so the question is clear. I could generate a parser without a problem, everything you list, would remain the same for anything I wrote. – Ramhound – 2014-05-19T18:38:23.700


For example, the keybase-client code at first tried to parse the human-readable format, but ended up having to account for timezones (the output contains local time); different amounts of information between versions ("skip arbitrarily many lines"); user's settings (long vs short vs 0xlong vs 0xshort key IDs)... The new code is about the same size, but is easier to understand, obtains more information, and it's more-or-less promised that the output format will remain the same.

– user1686 – 2014-05-19T18:38:26.073

In other words, it's a choice between writing robust code, and "not a bug, it works on MY machine". – user1686 – 2014-05-19T18:40:51.923

Answers

11

For this, GnuPG has the machine-readable --status-fd format:

^ gpg --status-fd=1 --verify test.asc
gpg: Signature made Sat 01 Feb 2014 19:37:53 EET using RSA key ID C1B52632
[GNUPG:] SIG_ID LI0kgmtHFCacIrSKM9uxpc3B2jI 2014-02-01 1391276273
[GNUPG:] GOODSIG D24F6CB2C1B52632 Mantas Mikulėnas <grawity@nullroute.eu.org>
gpg: Good signature from "Mantas Mikulėnas <grawity@nullroute.eu.org>"
gpg:                 aka "Mantas Mikulėnas <grawity@gmail.com>"
[GNUPG:] NOTATION_NAME issuer-fpr@notations.openpgp.fifthhorseman.net
[GNUPG:] NOTATION_DATA 2357E10CEF4F7ED27E233AD5D24F6CB2C1B52632
[GNUPG:] VALIDSIG 2357E10CEF4F7ED27E233AD5D24F6CB2C1B52632 2014-02-01 1391276273 0 4 0 1 2 00 2357E10CEF4F7ED27E233AD5D24F6CB2C1B52632
[GNUPG:] TRUST_ULTIMATE

The output format is documented in doc/DETAILS. (The messages are intermixed with human-readable ones because I pointed gpg to fd #1, aka stdout. A program could easily use two separate fd's for this purpose, e.g. using pipe().)

user1686

Posted 2014-05-19T18:26:15.053

Reputation: 283 655

Note to self, and others that are interested: --with-colons is useful for parsing key output, such as --list-keys. – jornane – 2016-01-14T08:34:18.797

Thanks! I was playing around with --with-colons the whole time, which didn't work. – jornane – 2014-05-19T18:50:56.663
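A worked parser for the --status-fd output shown in the answer, added here as an example; it is not code from the answer, from GnuPG or from keybase-client. It follows the keyword layout documented in GnuPG's doc/DETAILS (GOODSIG/EXPKEYSIG/REVKEYSIG/BADSIG/ERRSIG/NO_PUBKEY, VALIDSIG with its fields, TRUST_*). The three sample inputs are constructed: the first is the answer's own mixed output, the other two are what gpg emits for an expired key and for a missing public key. The function names, the SignatureResult fields and the fingerprint allow-list are illustrative assumptions; run_gpg_verify needs a real gpg binary and keyring and is not exercised by the samples.

```python
"""Machine-readable GnuPG signature verification via --status-fd.

Added example (not code from the answer or from GnuPG). It parses the status
lines documented in GnuPG's doc/DETAILS; the sample inputs below are
constructed from the output shown in the answer, and the function names and
the fingerprint allow-list are illustrative assumptions.
"""
import os
import subprocess
from dataclasses import dataclass, field
from typing import Iterable, List, Optional

STATUS_PREFIX = "[GNUPG:] "

# Constructed sample 1: the answer's output with --status-fd=1, so status lines
# are intermixed with human-readable "gpg:" lines (which the parser skips).
SAMPLE_GOOD = """\
gpg: Signature made Sat 01 Feb 2014 19:37:53 EET using RSA key ID C1B52632
[GNUPG:] SIG_ID LI0kgmtHFCacIrSKM9uxpc3B2jI 2014-02-01 1391276273
[GNUPG:] GOODSIG D24F6CB2C1B52632 Mantas Mikulėnas <grawity@nullroute.eu.org>
gpg: Good signature from "Mantas Mikulėnas <grawity@nullroute.eu.org>"
[GNUPG:] NOTATION_NAME issuer-fpr@notations.openpgp.fifthhorseman.net
[GNUPG:] NOTATION_DATA 2357E10CEF4F7ED27E233AD5D24F6CB2C1B52632
[GNUPG:] VALIDSIG 2357E10CEF4F7ED27E233AD5D24F6CB2C1B52632 2014-02-01 1391276273 0 4 0 1 2 00 2357E10CEF4F7ED27E233AD5D24F6CB2C1B52632
[GNUPG:] TRUST_ULTIMATE
"""

# Constructed sample 2: same signer, but the key has expired. gpg still emits
# VALIDSIG after EXPKEYSIG, so VALIDSIG alone must not be read as "ok".
SAMPLE_EXPIRED_KEY = """\
[GNUPG:] EXPKEYSIG D24F6CB2C1B52632 Mantas Mikulėnas <grawity@nullroute.eu.org>
[GNUPG:] VALIDSIG 2357E10CEF4F7ED27E233AD5D24F6CB2C1B52632 2014-02-01 1391276273 0 4 0 1 2 00 2357E10CEF4F7ED27E233AD5D24F6CB2C1B52632
[GNUPG:] TRUST_ULTIMATE 0 pgp
"""

# Constructed sample 3: the signing key is not in the keyring (ERRSIG rc=9).
SAMPLE_NO_PUBKEY = """\
[GNUPG:] ERRSIG D24F6CB2C1B52632 1 2 00 1391276273 9
[GNUPG:] NO_PUBKEY D24F6CB2C1B52632
"""


@dataclass
class SignatureResult:
    good: bool = False                   # VALIDSIG seen and no problem keywords
    key_id: Optional[str] = None         # long key ID from GOODSIG/EXPKEYSIG/...
    user_id: Optional[str] = None        # primary user ID of the signing key
    signer_fpr: Optional[str] = None     # fingerprint of the key that made the signature
    primary_fpr: Optional[str] = None    # fingerprint of its primary key (VALIDSIG field 10)
    sig_timestamp: Optional[int] = None  # signature creation time (UNIX epoch)
    trust: Optional[str] = None          # UNDEFINED / NEVER / MARGINAL / FULLY / ULTIMATE
    problems: List[str] = field(default_factory=list)


def parse_status(text: str) -> SignatureResult:
    """Parse --status-fd output (doc/DETAILS format) for a single signature."""
    r = SignatureResult()
    for line in text.splitlines():
        if not line.startswith(STATUS_PREFIX):
            continue                     # human-readable line; ignore it
        keyword, *args = line[len(STATUS_PREFIX):].split(" ")
        if keyword == "GOODSIG":
            r.key_id, r.user_id = args[0], " ".join(args[1:])
        elif keyword in ("EXPSIG", "EXPKEYSIG", "REVKEYSIG"):
            r.key_id, r.user_id = args[0], " ".join(args[1:])
            r.problems.append(keyword)   # cryptographically fine, but expired/revoked
        elif keyword == "BADSIG":
            r.problems.append("BADSIG")
        elif keyword == "ERRSIG":
            r.problems.append("ERRSIG rc=" + args[5])  # rc 9 = public key missing
        elif keyword == "NO_PUBKEY":
            r.problems.append("NO_PUBKEY " + args[0])
        elif keyword == "VALIDSIG":
            r.signer_fpr = args[0]
            r.sig_timestamp = int(args[2])
            # Field 10 (primary-key fingerprint) is absent in old versions; fall back to field 1.
            r.primary_fpr = args[9] if len(args) >= 10 else args[0]
        elif keyword.startswith("TRUST_"):
            r.trust = keyword[len("TRUST_"):]  # newer gpg appends "0 <model>"; not needed here
    r.good = r.signer_fpr is not None and not r.problems
    return r


def is_trusted_signer(result: SignatureResult, allowed_primary_fprs: Iterable[str]) -> bool:
    """Pin on the full primary-key fingerprint, never on the 32-bit key ID or the user ID."""
    return result.good and result.primary_fpr in set(allowed_primary_fprs)


def run_gpg_verify(path: str) -> SignatureResult:
    """Run gpg with the status output on a dedicated pipe (the answer's pipe() idea),
    so it is never mixed with the human-readable messages on stderr."""
    read_fd, write_fd = os.pipe()
    try:
        proc = subprocess.Popen(
            ["gpg", "--batch", "--no-tty", "--status-fd", str(write_fd), "--verify", path],
            pass_fds=(write_fd,), stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    except OSError:
        os.close(read_fd)
        os.close(write_fd)
        raise
    os.close(write_fd)                   # keep only the read end so read() reaches EOF
    with os.fdopen(read_fd, "r", encoding="utf-8", errors="replace") as status:
        text = status.read()
    proc.wait()
    return parse_status(text)


if __name__ == "__main__":
    for name, sample in (("good", SAMPLE_GOOD), ("expired", SAMPLE_EXPIRED_KEY), ("nokey", SAMPLE_NO_PUBKEY)):
        res = parse_status(sample)
        print(name, res.good, res.primary_fpr, res.trust, res.problems)
```

Two practical points the samples illustrate: the human-readable line names the signer by a 32-bit key ID (C1B52632), which is cheap to collide, so a program should compare the full fingerprint from VALIDSIG against an allow-list; and a VALIDSIG line is also emitted after EXPKEYSIG or REVKEYSIG, so a check that grep's for VALIDSIG (or for GOODSIG alone) without looking at the problem keywords will accept signatures made with expired or revoked keys. The TRUST_* keyword only reports what the local keyring's web of trust says about the key, which is why the example pins fingerprints instead of relying on it.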