What does `sig!3' mean in the output of `gpg --check-sigs'?

Neil Williams linux at codehelp.co.uk
Tue Jul 6 22:13:57 CEST 2004

On Friday 02 July 2004 6:04, Eric Hanchrow wrote:
> In particular, what do the exclamation point and the 3 mean?

The exclamation mark is only produced on --check-sigs, it's absent on 
--list-sigs so it's an indication that the signature is good. All signatures 
with --check-sigs should have the ! because signatures made by keys not in 
your key ring are excluded.

The digit is the indication of how much verification took place before signing 
- when you sign a key, GnuPG asks you how carefully you verified the key, 3 
is the highest level - very careful checking. As the man page describes, this 
is a personal thing and one person's definition of 'very careful' might not 
match yours. Personally, I mean: I checked the fingerprint against a printed 
copy given to me face-to-face by the keyholder who proved his/her identity 
using recognised photo ID (passport, driving licence etc.) and the email 
address was verified by correspondence.

0 means you make no particular claim as to how carefully you verified the key.

                 1 means you believe the key is owned by the person who claims 
to own it but you could not, or did  not verify  the  key  at  all.   This  
is useful for a "persona" verification, where you sign the key of a 
pseudonymous user.

                 2 means you did casual verification of the key.  For example, 
this could mean that you  verified  that the key fingerprint and checked the 
user ID on the key against a photo ID.

                 3 means you did extensive verification of the key.  For 
example, this could mean that you verified the key fingerprint with the owner 
of the key in person, and that you checked, by means of a hard to forge 
document  with  a photo ID (such as a passport) that the name of the key 
owner matches the name in the user ID on the key, and finally that you 
verified (by exchange of email) that the email address on the key belongs to 
the key owner.

                 Note  that  the examples given above for levels 2 and 3 are 
just that: examples.  In the end, it is up to you to decide just what 
"casual" and "extensive" mean to you.

From this section of the manpage:
      --default-cert-check-level n


Neil Williams

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: signature
Url : /pipermail/attachments/20040706/2f876b7e/attachment-0001.bin

More information about the Gnupg-users mailing list