trust level for validating signature with gpgme

Werner Koch wk at
Tue Nov 23 20:14:52 CET 2010

On Tue, 23 Nov 2010 14:53, allan at said:

> validity of the key.  I am currently testing:
> (gpgme_verify_result_t->summary & GPGME_SIGSUM_VALID)
> Is that the correct approach?

That's fine.  However if a key expired you won't get VALID.  An expired
key does not mean that the signature is not valid.  Are more relaxed
check is to check for the GPGME_SIGSUM_GREEN.

To check what's wrong you should manually verify the signature:

  gpg --verify --status-fd 2 -v foo.gpg

Gpgme watches the [GNUPG:] lines to get its idea of the signature



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gnupg-users mailing list