GPGME: Signature summary

Werner Koch wk at gnupg.org
Fri Oct 16 12:31:01 CEST 2009


On Thu, 15 Oct 2009 18:12, mat69 at gmx.net said:

> It should probably be something like:
>
>   /* Calculate the red/green flag.  */
>   if (sig->validity == GPGME_VALIDITY_FULL
>       || sig->validity == GPGME_VALIDITY_ULTIMATE)
>     {
>       if (gpg_err_code (sig->status) == GPG_ERR_NO_ERROR)
> 	sum |= GPGME_SIGSUM_VALID;

Nope.  Check the definition:

  @item GPGME_SIGSUM_VALID
  The signature is fully valid.

  @item GPGME_SIGSUM_GREEN
  The signature is good but one might want to display some extra
  information.  Check the other bits.

If you set the VALID flag here you would need to reset it later if any
other special conditions are figured out.  For example later you see:

  /* Check other flags. */
  if (sig->wrong_key_usage)
    sum |= GPGME_SIGSUM_BAD_POLICY;
  
This sets another bit and thus the VALID flag is not anymore correct.
GREEN says: Fine, but check the other flags.  GREEN/RED is a simple
thumb up/down indicator to give a basic indication on the status of a
signature.  In contrast, VALID says: The system has no doubts whatsoever
on the validity of the signature.

Note that there is also an implicit YELLOW status which should be
assumed if neither GREEN or RED is set.  It means that there are not
enough information to say something about the signature status.  KMail
uses these colors to render a frame around the message.

> If you want to check wether GPGME_SIGSUM_GREEN is the only flag set you should 
> do it imo differently, I did not try it though, but I think that it works:

Sure this is the same but some folks may ask: Did you forgot that this
is about a bit vector, so by doing an explicit bit test this makes it
clear ;-).  A reason for this code might be that we once changed the
test and it used to test other bits as well.  I added comment to make
clean what we are doing.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.




More information about the Gnupg-devel mailing list