This task is packaged in commons-openpgp.jar. It will use the BouncyCastle JARs at runtime. It has been tested with bcpg-jdk12-134.jar and bcprov-jdk12-134.jar.
The verifier task can verify one file at a time.
| Attribute | Description | Required |
|---|---|---|
| secring | Secret key ring file. | Yes |
| pubring | Public key ring file. | Yes |
| password | Password of the secret key ring. | Yes |
| asciiarmor | Whether the signature is ASCII armored. Boolean, defaults to true. | No |
| artefact | The file that you want to verify. | Yes |
| verifyproperty | The name of the property that will hold the result of the verification. | Yes |
The task may take a mapper nested element. This nested element tells the task how the signature files should be named. If you do not supply this element, the signature files should be located in the same directory as the file that you verify. An ending of .asc will be used for the file name for ASCII armored input (the default). If you set asciiarmor to false, the ending will be .sig
<project name="test1" xmlns:openpgp="antlib:org.apache.commons.openpgp.ant">
<property environment="env"/>
<taskdef resource="org/apache/commons/openpgp/ant/antlib.xml" uri="antlib:org.apache.commons.openpgp.ant"/>
<openpgp:verifier secring="${env.USERPROFILE}\Application Data\gnupg\secring.gpg"
pubring="${env.USERPROFILE}\Application Data\gnupg\pubring.gpg"
password="secret"
artefact="target\commons-openpgp-1.0-SNAPSHOT.jar"
asciiarmor="true"
verifyproperty="isValidSignature"/>
<echo message="The signature is valid: ${isValidSignature}"/>
</project>