gpgv

Simplified OpenPGP signature verifier

TLDR

Verify a signed file

$ gpgv [file.sig]

Verify detached signature

$ gpgv [file.sig] [file]

Use specific keyring

$ gpgv --keyring [keyring.gpg] [file.sig]

Verbose verification

$ gpgv -v [file.sig]

Quiet mode

$ gpgv -q [file.sig]

SYNOPSIS

gpgv [options] [sigfile] [files]

gpgv is a stripped-down version of gpg designed solely for verifying OpenPGP signatures. It assumes all keys in the keyring are trustworthy and does not check for expired or revoked keys.
By default, it uses the trustedkeys.kbx or trustedkeys.gpg keyring in the GnuPG home directory. It is commonly used in package managers and automated verification scripts where trust is pre-established.

PARAMETERS

-v, --verbose

More information during processing.

-q, --quiet

Try to be as quiet as possible.

--keyring file

Use specified keyring.

--homedir dir

GnuPG home directory.

--ignore-time-conflict

Turn timestamp checks into warnings.

--weak-digest name

Treat digest as weak.

--status-fd n

Write status strings to file descriptor.

CAVEATS

Returns 0 if verification succeeds, 1 if any signature is bad, and other codes for fatal errors. Unlike gpg, gpgv does not validate key trust.