Details of signature verification status-fd lines

Brian Mearns bmearns at
Tue Sep 22 17:50:14 CEST 2009

On Tue, Sep 22, 2009 at 11:19 AM, Werner Koch <wk at> wrote:
> On Tue, 22 Sep 2009 16:26, bmearns at said:
>> Just a quick question on the --status-fd output from a --verify
>> operation: if EXPSIG, EXPKEYSIG, or REVKEYSIG are given, could
>> VALIDSIG or GOODSIG also show up? In other words, are these just for
> It depends.  EXPKEYSIG for example may come in addition to VALIDSIG.
> VALIDSIG is the modern version of GOODSIG.  Except for the description
> in doc/DETAILS we don't have a more specific description (it is on our
> task list, though).
> The best way to see what you can expect is to look at the gpgme code.
> gpgme/src/verify.c computes the validity of signatures.  Processing the
> NEWSIG status line is in general a good idea so that you don't mix the
> status lines given for different signatures.
> Salam-Shalom,
>   Werner
> --
> Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.

Thanks for the response. So EXPKEYSIG doesn't mean the key was expired
when the signature was made, right? If that shows up along with
VALIDSIG, it's ok to trust the signature, correct? What about
REVKEYSIG? If a key is revoked, is there an easy way to know if the
signature was made prior to revocation, or would it be necessary to
just compare the stamps on the signature and the revocation?


Feel free to contact me using PGP Encryption:
Key Id: 0x3AA70848
Available from:

More information about the Gnupg-users mailing list