Details of signature verification status-fd lines
Brian Mearns
bmearns at ieee.org
Wed Sep 23 16:16:59 CEST 2009
On Wed, Sep 23, 2009 at 4:20 AM, Werner Koch <wk at gnupg.org> wrote:
> On Tue, 22 Sep 2009 17:50, bmearns at ieee.org said:
>
>> Thanks for the response. So EXPKEYSIG doesn't mean the key was expired
>> when the signature was made, right? If that shows up along with
>
> It means that the key has expired by now.
>
>> VALIDSIG, it's ok to trust the signature, correct? What about
>
> That is up to you. Usually you would show a message stating that the
> key used to create the message meanwhile expired. Whether you take the
> signature creation date into account and show a different message is up
> to you. If a signer wants to use an expired key for signing he may as
> well change the signature creation time.
>
>> REVKEYSIG? If a key is revoked, is there an easy way to know if the
>> signature was made prior to revocation, or would it be necessary to
>> just compare the stamps on the signature and the revocation?
>
> There is no way because you don't know why the key was revoked. Sure
> the revocation signature allows giving a reason for revocation and you
> can take that into account, but if the key was compromised an attacker may
> also create a revocation with a different reason (e.g. key superseded).
> You can't tell who did the revocation.
>
>
> Salam-Shalom,
>
> Werner
>
> --
> Thoughts are free. Exceptions are regulated by a federal law.
>
>
Great, thanks for the help, Werner.
By the way, are there any python or PHP bindings for GPGME?
-Brian
--
Feel free to contact me using PGP Encryption:
Key Id: 0x3AA70848
Available from: http://keys.gnupg.net
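
Added example, not part of the original thread and not GnuPG code: one way to turn the `--status-fd` lines discussed above into a verdict that follows the policy points in the reply. It assumes the input holds the status lines for a single signature; the verdict names, key IDs, fingerprint and user ID are constructed for illustration.

```python
# Added example: map one signature's gpg --status-fd lines to a verdict.
PREFIX = "[GNUPG:] "

# Constructed sample input (key ID, fingerprint and user ID are made up).
FPR = "0000111122223333444455556666777788889999"
VALIDSIG = f"[GNUPG:] VALIDSIG {FPR} 2009-09-01 1251763200 0 4 0 1 2 00 {FPR}"
SAMPLE_EXPIRED = "\n".join([
    "[GNUPG:] NEWSIG",
    "[GNUPG:] EXPKEYSIG 6666777788889999 Example Signer <signer@example.org>",
    VALIDSIG,
])
SAMPLE_REVOKED = "\n".join([
    "[GNUPG:] NEWSIG",
    "[GNUPG:] REVKEYSIG 6666777788889999 Example Signer <signer@example.org>",
    VALIDSIG,
])
SAMPLE_BAD = "[GNUPG:] BADSIG 6666777788889999 Example Signer <signer@example.org>"


def classify(status_text):
    """Return (verdict, claimed_sig_time) for a single signature."""
    seen = {}
    for line in status_text.splitlines():
        if line.startswith(PREFIX):
            keyword, _, rest = line[len(PREFIX):].partition(" ")
            seen[keyword] = rest.split()
    if "BADSIG" in seen or "ERRSIG" in seen:
        return "bad", None
    if "REVKEYSIG" in seen:
        # The signature time is chosen by the signer and the revoker is
        # unknown, so "signed before revocation" cannot be established.
        return "key-revoked", None
    if "VALIDSIG" not in seen:
        return "unverified", None
    claimed_time = seen["VALIDSIG"][2]  # signer-asserted timestamp, not proof
    if "EXPKEYSIG" in seen:
        # Signature checks out, key has expired by now: caller's policy.
        return "key-expired", claimed_time
    if "GOODSIG" in seen:
        return "good", claimed_time
    return "unverified", None


if __name__ == "__main__":
    for sample in (SAMPLE_EXPIRED, SAMPLE_REVOKED, SAMPLE_BAD):
        print(classify(sample))
```
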