Storing custom signed data in the key

Wiktor Kwapisiewicz wiktor at
Sat Aug 17 22:19:43 CEST 2019

Hi Tomasz,

> what would be the most "canonical" way to store arbitrary, signed data
> along the gpg key? And then: what is the programmatic way of extracting
> said data?
> (...)
> sig!3    N   KEYID 2019-08-17  User Example <user at>
>     Signature notation: pub at signify=SIGNIFYKEY
> Does it make sense? Is it a good idea? What would be a better way?

Yep, that definitely makes sense and notations are a good way to store 
additional data. The only problem here is how to get the notation values 
programmatically in a way that you know the self-signature is valid.

Sadly "gpg --list-options show-notations --with-colons --list-keys $KEY" 
does not print the notation output.

I did use OpenPGP.js to verify the signature and extract notations for a 
small project of mine ( example here: ) but I understand you want to keep the 
dependencies to the minimum.

Maybe you could use GpgME, the docs look promising:

 > The signature notations on a key signature are only available if the
 > key was retrieved via a listing operation with the
 > GPGME_KEYLIST_MODE_SIG_NOTATIONS mode enabled, because it can be
 > expensive to retrieve all signature notations.


One minor thing, you may want to adjust the notation name (key). RFC 
4880 advises an e-mail-like key where the domain is a name you control. So 
for example "pub-signify at" if you control "". 
Additionally it would be nice to have the e-mail redirect to a human in 
case someone sends the message there.

Kind regards,
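
As an added illustration (not part of the original message, and not GnuPG or GPGME code), this Python example reads notation subpackets from a version 4 signature packet body as laid out in RFC 4880 section 5.2.3.16. It takes notations only from the hashed subpacket area, which the signature covers, and does not verify the signature itself; that still has to be done by gpg, GPGME or another OpenPGP implementation. The notation name `pub-signify@example.org` and the sample bytes are constructed.

```python
import struct

NOTATION = 20  # subpacket type "Notation Data", RFC 4880 section 5.2.3.16

def subpackets(area):
    """Yield (type, body) for each subpacket in a signature subpacket area."""
    i = 0
    try:
        while i < len(area):
            first = area[i]
            if first < 192:        # one-octet length
                length, i = first, i + 1
            elif first < 255:      # two-octet length
                length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
            else:                  # five-octet length
                length, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
            if length == 0 or i + length > len(area):
                raise ValueError("malformed subpacket length")
            yield area[i] & 0x7F, area[i + 1:i + length]  # bit 7 is the critical flag
            i += length
    except (IndexError, struct.error):
        raise ValueError("truncated subpacket area") from None

def hashed_notations(sig_body):
    """Return [(name, value)] from the hashed area of a v4 signature packet body."""
    if len(sig_body) < 6 or sig_body[0] != 4:
        raise ValueError("not a version 4 signature packet body")
    hashed_len = struct.unpack(">H", sig_body[4:6])[0]
    hashed = sig_body[6:6 + hashed_len]
    if len(hashed) != hashed_len:
        raise ValueError("hashed subpacket area truncated")
    found = []
    for sp_type, body in subpackets(hashed):
        if sp_type != NOTATION:
            continue
        if len(body) < 8 or len(body) != 8 + sum(struct.unpack(">HH", body[4:8])):
            raise ValueError("malformed notation subpacket")
        flags, name_len = struct.unpack(">IH", body[:6])
        name, value = body[8:8 + name_len], body[8 + name_len:]
        # Flag 0x80000000 marks a human-readable (text) value; otherwise keep bytes.
        found.append((name.decode(), value.decode() if flags & 0x80000000 else value))
    return found

def sample_signature_body():
    """Constructed sample; cut off after the unhashed area (no digest prefix, no MPIs)."""
    def note(value, name=b"pub-signify@example.org"):
        body = struct.pack(">IHH", 0x80000000, len(name), len(value)) + name + value
        return bytes([len(body) + 1, NOTATION]) + body
    areas = [struct.pack(">BBI", 5, 2, 1566073183) + note(b"SIGNIFYKEY"), note(b"UNSIGNED")]
    return bytes([4, 0x13, 1, 8]) + b"".join(struct.pack(">H", len(a)) + a for a in areas)
```

The second notation in the sample sits in the unhashed area, which the signature does not cover, so `hashed_notations` does not return it.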
