GPGME: What does ‘0’ (zero) ‘signature.summary’ value mean?

Ben Finney ben+freesoftware at benfinney.id.au
Mon Apr 15 06:01:21 CEST 2024


Werner Koch via Gnupg-devel <gnupg-devel at gnupg.org> writes:

> There might be a bug in the code. We have not touched it in the last
> 20 years, though.

Thank you, I hope it's as simple as a bug.

> […] there are cases - depending on the signature validity and the
> error code when SUM might still be zero. A new error code emitted by
> gpg could result in this behaviour.
>
> Do you have an example?

Included in this message is a Python program ‘verify_test.py’. That
program makes use of the ‘python-gpg’ library, the Python wrapper of
GPGME.

The program includes inline a clear-signed message, and when run it will
use ‘gpg.Context.verify’ to verify the message. It then reports the
result of that call.

Here is the session where I run the program:

=====
$ python3 verify_test.py
GnuPG verify message from file ‘<inline literal text>’:
‘gpg.Context.verify’ returned result: VerifyResult(file_name=None,
is_mime=0, signatures=[Signature(chain_model=False, exp_timestamp=0,
fpr='6159E0F29E2FA412E0795C73F9B46AAC84420C82', hash_algo=8,
is_de_vs=False, key=None, notations=[], pka_address=None, pka_trust=0,
pubkey_algo=1, status=0, summary=0, timestamp=1713137533, validity=0,
validity_reason=0, wrong_key_usage=False)])
Signature at index 0: Signature(chain_model=False, exp_timestamp=0,
fpr='6159E0F29E2FA412E0795C73F9B46AAC84420C82', hash_algo=8,
is_de_vs=False, key=None, notations=[], pka_address=None, pka_trust=0,
pubkey_algo=1, status=0, summary=0, timestamp=1713137533, validity=0,
validity_reason=0, wrong_key_usage=False)
=====

You can see that the ‘verify’ call succeeds (no error is raised), and
there is a single attached Signature.

That Signature, though it has a valid timestamp and fingerprint, has ‘0’
for all of ‘pka_trust’, ‘status’, ‘summary’, ‘validity’, and
‘validity_reason’.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: verify_test.py
Type: text/x-python
Size: 2608 bytes
Desc: Python program ‘verify_test.py’, to demonstrate signature verification
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20240415/316b6064/attachment-0001.py>
-------------- next part --------------

-- 
 \      “When I was born I was so surprised I couldn't talk for a year |
  `\                                        and a half.” —Gracie Allen |
_o__)                                                                  |
Ben Finney
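
Added example (not part of the original message, the scrubbed attachment, or python-gpg): a fail-closed way to read the ‘status’, ‘summary’ and ‘validity’ fields shown in the session above, so that a ‘verify’ call that raises no error is not by itself treated as a trusted signature. The bit and validity values are those defined in gpgme.h; ‘SigFields’, ‘summary_flags’ and ‘assess’ are hypothetical names, and the accept-only-on-VALID policy is an assumption of this example.

```python
from collections import namedtuple

# GPGME_SIGSUM_* bit values as defined in gpgme.h.
SIGSUM = {
    0x0001: "VALID", 0x0002: "GREEN", 0x0004: "RED",
    0x0010: "KEY_REVOKED", 0x0020: "KEY_EXPIRED", 0x0040: "SIG_EXPIRED",
    0x0080: "KEY_MISSING", 0x0100: "CRL_MISSING", 0x0200: "CRL_TOO_OLD",
    0x0400: "BAD_POLICY", 0x0800: "SYS_ERROR", 0x1000: "TOFU_CONFLICT",
}
VALID = 0x0001
# GPGME_VALIDITY_* values as defined in gpgme.h, indexed by their number.
VALIDITY = ["UNKNOWN", "UNDEFINED", "NEVER", "MARGINAL", "FULL", "ULTIMATE"]

# Hypothetical stand-in carrying the Signature fields printed in the session.
SigFields = namedtuple("SigFields", "fpr status summary validity")


def summary_flags(summary):
    """Decode the summary bit vector into names; unrecognised bits stay as hex."""
    names = [name for bit, name in sorted(SIGSUM.items()) if summary & bit]
    unknown = summary & ~sum(SIGSUM)
    if unknown:
        names.append(hex(unknown))
    return names


def assess(sig):
    """Fail-closed policy (assumption of this example): trust only if VALID is set."""
    flags = summary_flags(sig.summary)
    validity = VALIDITY[sig.validity] if 0 <= sig.validity < len(VALIDITY) else "?"
    if sig.status == 0 and sig.summary & VALID:
        return True, f"trusted: flags={flags} validity={validity}"
    if sig.status != 0:
        return False, f"rejected: status={sig.status:#x} flags={flags}"
    # status == 0 without the VALID bit; includes the summary == 0 case above.
    return False, f"not trusted: flags={flags or ['<none>']} validity={validity}"


# Values copied from the session output in this message.
reported = SigFields("6159E0F29E2FA412E0795C73F9B46AAC84420C82", 0, 0, 0)
# Constructed sample: VALID|GREEN summary with FULL validity.
constructed_ok = SigFields("0" * 40, 0, 0x0003, 4)

if __name__ == "__main__":
    for s in (reported, constructed_ok):
        print(s.fpr, *assess(s))
```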

