GPGME: What does ‘0’ (zero) ‘signature.summary’ value mean?

Ben Finney ben+freesoftware at
Fri Apr 12 09:30:41 CEST 2024


What is the meaning of a GPGME `signature` result with `summary` value 0

The `verify` operation returns (among other things) a collection of
`signature` results derived from the input data. Each `signature` is of
type `gpgme_signature_t`; that object has a `summary` attribute, of type

The value of `gpgme_sigsum_t` is a bitmap structure; the
`gpgme_signature_t` documentation describes all the meanings of those

>From my reading of that documentation, zero is not a meaningful
`gpgme_sigsum_t` value; the value should either have the
`GPGME_SIGSUM_VALID` bit set (if the signature is valid), or some other
combination of bits should be set. A zero `summary` (with no bits set)
does not seem a possible result from that library.

When I use the `verify` operation [0] (passing an inline signed data
stream, read from a text file), the result is meaningful: no error, the
`signature` results have the expected keys and timestamp etc, but each
has a `summary` value of 0.

What does this value mean; what user-level meaning does it represent?

How is `summary` value 0 meaning different from `GPGME_SIGSUM_VALID`?
How is its meaning different from any other possible `summary` value?

[0]: If it matters, I am using the Python PyGPGME wrapper.
    From what I can tell the wrapper is simply exposing the GPGME
    interface with Python objects, so I believe the questions above are
    all about the underlying GPGME library API.

 \      “A thing moderately good is not so good as it ought to be.
  `\    Moderation in temper is always a virtue; but moderation in
_o__)                   principle is always a vice.” —Thomas Paine
Ben Finney

More information about the Gnupg-devel mailing list