FW from PGP-Basis: newbie question about bad keys

David Shaw dshaw at jabberwocky.com
Mon Feb 16 19:16:36 CET 2009


On Mon, Feb 16, 2009 at 02:48:11PM -0300, Faramir wrote:
> paramouse wrote:
> > I am new to using GnuPG and hoping this is the correct place to post
> > questions.
> > 
> > For practice, I imported some public keys to my keyring.  I ran a
> > 
> > gpg --check-sig
> > 
> > After listing the signatures of the public keys I've imported, there's
> > the statement:
> > 
> > 46 bad signatures
> > 5133 signatures not checked due to missing keys
> > 
> > The "signatures not checked" seems pretty self explanatory.  What does
> > the bad signatures mean?
> 
>   Since I never saw an answer about the meaning of those bad signatures,
> I am forwarding the question to GnuPG-Users list...
> 
>   I ran that command too, and got:
> 
> 186 firmas incorrectas
> (186 bad signatures)
> 19112 firmas no comprobadas por falta de clave
> (19112 signatures not checked due to missing keys)
> 2 firmas no comprobadas por errores
> (2 signatures not checked due to errors).
> 
>   What kind of errors could it be?

"signatures not checked" means just what you guessed - the keys aren't
there, so GPG couldn't check them.

"bad signatures" means the signature was checked, but it turned out to
be invalid.

"not checked due to errors" is a grab bag for everything else.  A
common reason for something to show up in this group is a timestamp
conflict (for example, the signature is older than the key that issued
it).  When you do a --check-sig, some sigs are tagged with "sig%".
Look for those and you can usually read the reason for the error.

David
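
An added example, not part of the reply above and not GnuPG's own code: a small shell filter that tallies the per-signature markers in a `--check-sig` listing (`sig!` good, `sig-` bad, `sig%` error) and prints the `sig%` lines so the reason can be read. The sample listing, key IDs, names and the function names `sample_listing`, `tally_sigs` and `error_sigs` are constructed for illustration. Signatures skipped for missing keys are assumed not to appear as marked lines in the human-readable listing, so they are not counted here.

```shell
#!/bin/sh
# Constructed sample of a human-readable --check-sig listing (not real keys).
sample_listing() {
cat <<'EOF'
pub   1024D/AAAAAAAA 2005-01-01
uid                  Example User <user@example.org>
sig!3        AAAAAAAA 2005-01-01  Example User <user@example.org>
sig-         BBBBBBBB 2006-03-04  Other Signer <other@example.org>
sig%         CCCCCCCC 2004-12-31  [timestamp conflict]
sub   2048g/EEEEEEEE 2005-01-01
sig!         AAAAAAAA 2005-01-01  Example User <user@example.org>
EOF
}

# Read a listing on stdin and count signature lines by their marker,
# which is the 4th character of each "sig"/"rev" line.
tally_sigs() {
  awk '
    /^(sig|rev)[!%-]/ {
      m = substr($0, 4, 1)
      if (m == "!")      good++   # signature verified
      else if (m == "-") bad++    # checked, but invalid
      else               err++    # "%": not checked due to an error
    }
    END { printf "good=%d bad=%d error=%d\n", good, bad, err }
  '
}

# Print only the lines tagged "sig%" (or "rev%"); the bracketed text
# on each line is the reason for the error.
error_sigs() {
  grep -E '^(sig|rev)%' || true
}

# Stand-alone run on the constructed sample. With a real keyring:
#   gpg --check-sigs | tally_sigs
sample_listing | tally_sigs
sample_listing | error_sigs
```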


