[PATCH] improve documentation about VALIDSIG
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Tue Jul 7 18:00:16 CEST 2015
* doc/DETAILS: improve documentation about VALIDSIG
the claim that VALIDSIG is the same as GOODSIG is simply wrong.
Attempt to clarify it. Also, the paragraph about primary-key-fpr and
sig-version was weirdly re-ordered during the org-mode conversion in
65eb98966a569a91c97d0c23ba5582a9a7558de0; repair it.
Signed-off-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
doc/DETAILS | 17 ++++++++++-------
1 file changed, 10 insertions(+), 7 deletions(-)
diff --git a/doc/DETAILS b/doc/DETAILS
index d1f7394..23a5420 100644
@@ -408,12 +408,15 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:
- [ <primary-key-fpr> ]
- This status indicates that the signature is good. This is the same
- as GOODSIG but has the fingerprint as the argument. Both status
- lines are emitted for a good signature. All arguments here are on
- one long line. sig-timestamp is the signature creation time in
- seconds after the epoch. expire-timestamp is the signature
- expiration time in seconds after the epoch (zero means "does not
+ This status indicates that the signature is cryptographically
+ valid. This similar to GOODSIG or EXPSIG or EXPKEYSIG or REVSIG
+ (depending on the date and the state of the signature and signing
+ key) but has the fingerprint as the argument. Multiple status
+ lines (VALIDSIG and the other appropriate *SIG status) are emitted
+ for a valid signature. All arguments here are on one long line.
+ sig-timestamp is the signature creation time in seconds after the
+ epoch. expire-timestamp is the signature expiration time in
+ seconds after the epoch (zero means "does not
expire"). sig-version, pubkey-algo, hash-algo, and sig-class (a
2-byte hex value) are all straight from the signature packet.
PRIMARY-KEY-FPR is the fingerprint of the primary key or identical
@@ -421,8 +424,8 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:
key without running gpg again for this purpose.
The primary-key-fpr parameter is used for OpenPGP and not
- class is not defined for CMS and currently set to 0 and 00.
available for CMS signatures. The sig-version as well as the sig
+ class is not defined for CMS and currently set to 0 and 00.
Note, that *-TIMESTAMP may either be a number of seconds since
Epoch or an ISO 8601 string which can be detected by the presence
More information about the Gnupg-devel