trust level for validating signature with gpgme
wk at gnupg.org
Tue Nov 23 20:14:52 CET 2010
On Tue, 23 Nov 2010 14:53, allan at archlinux.org said:
> validity of the key. I am currently testing:
> (gpgme_verify_result_t->summary & GPGME_SIGSUM_VALID)
> Is that the correct approach?
That's fine. However if a key expired you won't get VALID. An expired
key does not mean that the signature is not valid. Are more relaxed
check is to check for the GPGME_SIGSUM_GREEN.
To check what's wrong you should manually verify the signature:
gpg --verify --status-fd 2 -v foo.gpg
Gpgme watches the [GNUPG:] lines to get its idea of the signature
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
More information about the Gnupg-users