Revoked keys and validating S/MIME sigs on the command line
David Shaw
dshaw@jabberwocky.com
Wed Jul 23 02:38:02 2003
On Tue, Jul 22, 2003 at 08:53:59PM +0100, Neil Williams wrote:
> GnuPG doesn't indicate if a signature has been made using a key that
> has been later revoked in the --verify option.
>
> Shouldn't this be displayed? As a revoked key, it may have been compromised
> and the signature could therefore be false.
>
> All I get is:
> The signature is valid, but the key's validity is unknown.
That's a Kmail error message.
GnuPG does this when verifying a signature from a revoked key:
gpg: WARNING: This key has been revoked by its owner!
gpg: This could mean that the signature is forgery.
Kmail may or may not show that to you, but GnuPG certainly makes it
clear.
David
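
A frontend or script that must not lose the revocation warning quoted in the message above can read GnuPG's machine-readable --status-fd lines instead of the human-readable text. The following is an added example, not part of the original message and not GnuPG or Kmail code; the function names, verdict words and sample input are constructed for illustration.

```sh
#!/bin/sh
# Added example: derive a verdict from GnuPG status lines ("[GNUPG:] ...")
# rather than from human-readable text a frontend may not pass on.

# Read gpg output on stdin and print one verdict word (names are this
# example's own): bad, revoked-key, expired, good or no-signature.
classify_gpg_status() (
    bad=0 revoked=0 expired=0 good=0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            "[GNUPG:] "*) ;;          # machine-readable status line
            *) continue ;;            # "gpg: ..." text is ignored
        esac
        rest=${line#"[GNUPG:] "}
        case "${rest%% *}" in
            BADSIG|ERRSIG)    bad=1 ;;
            REVKEYSIG)        revoked=1 ;;  # good signature, revoked key
            EXPSIG|EXPKEYSIG) expired=1 ;;
            GOODSIG)          good=1 ;;
        esac
    done
    # With several signatures, the worst result wins.
    if   [ "$bad" -eq 1 ];     then echo bad
    elif [ "$revoked" -eq 1 ]; then echo revoked-key
    elif [ "$expired" -eq 1 ]; then echo expired
    elif [ "$good" -eq 1 ];    then echo good
    else                            echo no-signature
    fi
)

# Verify a detached signature; status goes to stdout, messages are dropped.
verify_detached() {
    gpg --status-fd 1 --verify "$1" "$2" 2>/dev/null | classify_gpg_status
}

# Constructed sample (key ID and user ID are placeholders): the two warning
# lines from the message above plus the status line for a revoked key.
sample_revoked_output() {
    cat <<'EOF'
gpg: WARNING: This key has been revoked by its owner!
gpg: This could mean that the signature is forgery.
[GNUPG:] REVKEYSIG 0123456789ABCDEF Example Signer <signer@example.org>
EOF
}
```

Treating anything other than "good" as a failure keeps a revoked-key signature from being reported as simply valid.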