The server needs to support the verification of opaque signatures as well as detached signatures. The kind of input sources controls what kind of message is to be verified.
This command is used with detached signatures to set the file descriptor
for the signed data to n. The data is binary encoded (used
verbatim). For details on the file descriptor, see the description of
INPUT in the
Set the file descriptor for the opaque message or the signature part of
a detached signature to n. The message sent to the server is
either binary encoded or – in the case of OpenPGP – ASCII armored.
For details on the file descriptor, see the description of
Set the file descriptor to be used for the output. The output is binary
encoded and only used for opaque signatures. For details on the file
descriptor, see the description of
INPUT in the
The verification is then started using:
name is the signing protocol used for the message. For a
description of the allowed protocols see the
This argument is mandatory. Depending on the combination of
OUTPUT commands, the server needs
to select the appropriate verification mode:
This indicates a detached signature. Output data is not applicable.
This indicates an opaque signature. As no output command has been given, the server is only required to check the signature.
This indicates an opaque signature. The server shall write the signed data to the file descriptor set by the output command. This data shall even be written if the signatures can’t be verified.
With --silent the server shall not display any dialog; this is for example used by the client to get the content of opaque signed messages. The client expects the server to send at least this status information before the final OK response:
Returns the status for the signature and a short string explaining the status. Valid values for flag are:
The message has a signature but it could not be verified due to a missing key.
The signature is fully valid.
The signature is valid but additional information was shown regarding the validity of the key.
The signature is not valid.
displaystring is a percent-and-plus-encoded string with a short human readable description of the status. For example
S SIGSTATUS green Good+signature+from+Keith+Moon+<email@example.com>
Note that this string needs to fit into an Assuan line and should be short enough to be displayed as a short one-liner in the client's window. As usual the encoding of this string is UTF-8 and it should be sent in its translated form.
The server shall send one status line for every signature found on the message.
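A client-side sketch of handling these status lines, added here as an example and not taken from the protocol's own code: it decodes the percent-and-plus-encoded displaystring and accepts a message only when every reported signature is green. The function names, the strict all-green policy, the replacement of control characters and all sample lines except the first are assumptions made for illustration.

```python
from urllib.parse import unquote_plus

# Constructed sample input; only the first line appears on this page.
# "unknownflag" is a made-up value that stands for any flag other than green.
SAMPLE = [
    "S SIGSTATUS green Good+signature+from+Keith+Moon+<email@example.com>",
    "S SIGSTATUS green Gute+Signatur+von+J%C3%BCrgen%0D%0Anext+line",
    "S SIGSTATUS unknownflag Some+other+status",
    "OK",
]


def parse_sigstatus(line):
    """Return (flag, display_text) for a SIGSTATUS status line, else None."""
    parts = line.split(" ", 3)
    if len(parts) < 3 or parts[:2] != ["S", "SIGSTATUS"]:
        return None
    flag = parts[2]
    encoded = parts[3] if len(parts) > 3 else ""
    # Percent-and-plus decoding: '+' is a space, %XX is one byte of UTF-8.
    text = unquote_plus(encoded, encoding="utf-8", errors="replace")
    # Assumed precaution: the text is shown as a one-liner, so control
    # characters (including a decoded CR/LF) are replaced by spaces.
    text = "".join(c if c.isprintable() else " " for c in text)
    return flag, text


def all_signatures_green(lines):
    """True only if at least one signature was reported and all are green.

    Assumed policy: any flag other than green, including one this client
    does not know, counts as not fully valid (fail closed).
    """
    statuses = [s for s in map(parse_sigstatus, lines) if s is not None]
    return bool(statuses) and all(flag == "green" for flag, _ in statuses)


if __name__ == "__main__":
    for status_line in SAMPLE:
        print(parse_sigstatus(status_line))
    print("accept:", all_signatures_green(SAMPLE))
```

Because the server sends one status line per signature, the verdict has to be computed over all of them; a message with no SIGSTATUS line at all is treated as unverified.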