trust level for validating signature with gpgme
allan at archlinux.org
Tue Nov 23 14:53:54 CET 2010
I am writing a piece of software that requires validating a signature of
a file before using it. So far I have managed to use gpgme to validate
a signature for a file, but only if the key that signed it has been
given "ultimate" trust.
Reducing the trust level to "full" results in the file not being
validated. Looking at the gpgme_verify_result_t object returned from
gpgme_op_verify_result shows that nothing is set in the summary or
status bit vectors, and the validity is set to GPGME_VALIDITY_UNKNOWN.
A possibility is that I am using the wrong field to determine the
validity of the key. I am currently testing:
(gpgme_verify_result_t->summary & GPGME_SIGSUM_VALID)
Is that the correct approach?
More information about the Gnupg-users