trust level for validating signature with gpgme

Allan McRae allan at
Tue Nov 23 14:53:54 CET 2010


I am writing a piece of software that requires validating a signature of 
a file before using it.  So far I have managed to use gpgme to validate 
a signature for a file, but only if the key that signed it has been 
given "ultimate" trust.

Reducing the trust level to "full" results in the file not being 
validated.  Looking at the gpgme_verify_result_t object returned from 
gpgme_op_verify_result shows that nothing is set in the summary or 
status bit vectors, and the validity is set to GPGME_VALIDITY_UNKNOWN.

A possibility is that I am using the wrong field to determine the 
validity of the key.  I am currently testing:
(gpgme_verify_result_t->summary & GPGME_SIGSUM_VALID)
Is that the correct approach?


More information about the Gnupg-users mailing list