"sig!3" entry vs "sig!" entry on certain GnuPG keys from the PuTTY software site

synth_spring at Safe-mail.net synth_spring at Safe-mail.net
Thu Aug 24 23:28:13 CEST 2006 

The web site for the PuTTY software provides GnuPG keys to verify downloads of the PuTTY software. see http://www.chiark.greenend.org.uk/~sgtatham/putty/keys.html

With these keys imported into the GnuPG public keyring, issuing "gpg --check-sigs" produced the following output (the user name has been redacted):
C:/Documents and Settings/[redacted]/Application Data/gnupg\pubring.gpg
-------------------------------------------------------------------------
pub   1024R/1E34AC41 2000-12-20
uid                  PuTTY Master Key (RSA) <putty-bugs at lists.tartarus.org>
sig!         1E34AC41 2000-12-20  PuTTY Master Key (RSA) <putty-bugs at lists.tarta
rus.org>
sig!         B41CAE29 2000-12-20  PuTTY Releases (RSA) <putty-bugs at lists.tartaru
s.org>
sig!         32B903A9 2000-12-20  PuTTY Development Snapshots (RSA) <putty-bugs@
lists.tartarus.org>

pub   1024R/B41CAE29 2000-12-20
uid                  PuTTY Releases (RSA) <putty-bugs at lists.tartarus.org>
sig!         B41CAE29 2000-12-20  PuTTY Releases (RSA) <putty-bugs at lists.tartaru
s.org>
sig!         1E34AC41 2000-12-20  PuTTY Master Key (RSA) <putty-bugs at lists.tarta
rus.org>

pub   1024R/32B903A9 2000-12-20
uid                  PuTTY Development Snapshots (RSA) <putty-bugs at lists.tartaru
s.org>
sig!         32B903A9 2000-12-20  PuTTY Development Snapshots (RSA) <putty-bugs@
lists.tartarus.org>
sig!         1E34AC41 2000-12-20  PuTTY Master Key (RSA) <putty-bugs at lists.tarta
rus.org>

pub   1024D/6A93B34E 2000-12-20
uid                  PuTTY Master Key (DSA) <putty-bugs at lists.tartarus.org>
sig!3        6A93B34E 2000-12-20  PuTTY Master Key (DSA) <putty-bugs at lists.tarta
rus.org>
sig!         08B0A90B 2000-12-20  PuTTY Releases (DSA) <putty-bugs at lists.tartaru
s.org>
sig!         7D3E4A00 2000-12-20  PuTTY Development Snapshots (DSA) <putty-bugs@
lists.tartarus.org>

pub   1024D/08B0A90B 2000-12-20
uid                  PuTTY Releases (DSA) <putty-bugs at lists.tartarus.org>
sig!3        08B0A90B 2000-12-20  PuTTY Releases (DSA) <putty-bugs at lists.tartaru
s.org>
sig!         6A93B34E 2000-12-20  PuTTY Master Key (DSA) <putty-bugs at lists.tarta
rus.org>

pub   1024D/7D3E4A00 2000-12-20
uid                  PuTTY Development Snapshots (DSA) <putty-bugs at lists.tartaru
s.org>
sig!3        7D3E4A00 2000-12-20  PuTTY Development Snapshots (DSA) <putty-bugs@
lists.tartarus.org>
sig!         6A93B34E 2000-12-20  PuTTY Master Key (DSA) <putty-bugs at lists.tarta
rus.org>

4 signatures not checked due to missing keys


For the self-signatures on the DSA-type keys (and only the DSA-type keys) there is a "sig!3" entry instead of a "sig!" entry. The other signatures on the DSA-type keys just have a "sig!" entry. It has been said elsewhere that the 3 in the "sig!3" entry indicates a certificate check level of 3. However, the 3 does not appear on the self-signature entries for the RSA-type keys. Is this to do with the key types (the DSA type and the RSA type), the way that the keys were created and/or signed, or some other reason?

More information about the Gnupg-users mailing list