gpgv2 is an OpenPGP signature verification tool.
This program is actually a stripped-down version of
gpg which is
only able to check signatures. It is somewhat smaller than the fully-blown
gpg and uses a different (and simpler) way to check that
the public keys used to make the signature are valid. There are
no configuration files and only a few options are implemented.
gpgv2 assumes that all keys in the keyring are trustworthy.
That does also mean that it does not check for expired or revoked
By default a keyring named trustedkeys.kbx is used; if that
does not exist a keyring named trustedkeys.gpg is used. The
default keyring is assumed to be in the home directory of GnuPG,
either the default home directory or the one set by an option or an
environment variable. The option
--keyring may be used to
specify a different keyring or even multiple keyrings.
gpgv2 recognizes these options:
nand not to stderr.
On Windows systems it is possible to install GnuPG as a portable application. In this case only this command line option is considered, all other ways to set a home directory are ignored.
To install GnuPG as a portable application under Windows, create an empty file name gpgconf.ctl in the same directory as the tool gpgconf.exe. The root of the installation is than that directory; or, if gpgconf.exe has been installed directly below a directory named bin, its parent directory. You also need to make sure that the following directories exist and are writable: ROOT/home for the GnuPG home and ROOT/usr/local/var/cache/gnupg for internal cache files.
The program returns 0 if everything is fine, 1 if at least one signature was bad, and other error codes for fatal errors.
sigfileis the detached signature (either ASCII-armored or binary) and
datafilecontains the signed data; if
datafileis "-" the signed data is expected on
datafileis not given the name of the file holding the signed data is constructed by cutting off the extension (".asc", ".sig" or ".sign") from