Next: , Previous: , Up: Command-line commands   [Contents][Index]

17.4.78 verify_detached

Command: verify_detached [--skip-sig] file signature_file [pubkey_file]

Verifies a GPG-style detached signature, where the signed file is file, and the signature itself is in file signature_file. Optionally, a specific public key to use can be specified using pubkey_file. When environment variable check_signatures is set to enforce, then pubkey_file must itself be properly signed by an already-trusted key. An unsigned pubkey_file can be loaded by specifying --skip-sig. If pubkey_file is omitted, then public keys from GRUB’s trusted keys (see list_trusted, see trust, and see distrust) are tried.

Exit code $? is set to 0 if the signature validates successfully. If validation fails, it is set to a non-zero value. See Using digital signatures, for more information.