Clarification on getting a validity reason in GPGME

Ingo Klöcker kloecker at
Sun Nov 8 16:50:33 CET 2020

On Sonntag, 8. November 2020 02:27:57 CET John Scott via Gnupg-users wrote:
> Hi
> I'm writing a tool using GPGSM and want to print signature validation
> information without reinventing the wheel with case statements, also for the
> sake of localization. These members in gpgme_signature_t [1] seem to be
> what I'm looking for:
> gpgme_validity_t validity
> 	The validity of the signature.
> gpgme_error_t validity_reason
> 	If a signature is not valid, this provides a reason why.
> so I can get a string from the gpgme_error_t, although it appears to be
> conditional on the signature being invalid. That's not clear since
> gpgme_validity_t is an enumeration of

In the C++ bindings the equivalent for validity_reason is, more appropriately, 
called nonValidityReason. Also, validity refers to the (local) validity of the 
certificate that was used to make the signature. As far as I can see, in case 
of gpgsm validitity can take only three of the above mentioned 6 values:
* FULL (if the signature is good; the signature cannot be good if there is a 
problem or an untrusted key in the certificate chain; in this case 
validity_reason is 0)
* NEVER (if the certificate chain is invalid; in this case validity_reason 
gives more details)
* UNDEFINED (if there was some other problem while validating the certificate 

> I wonder if this is the case already and it's just a documentation quirk,
> but it'd be helpful if validity_reason were set to some value for good
> signatures, although this isn't technically an error.

As mentioned above the variable is just named badly. It would better have been 
called non_validity_reason (as in the C++ binding).

I'm wondering what kind of reason do you expect for a good signature? I mean 
there's exactly one reason for a good signature: The signature is 
"cryptographically correct" and the certificate that was used to make the 
signature is valid. In all other cases the signature is not good and then it 
makes sense to ask for the reason why it's not good.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: This is a digitally signed message part.
URL: <>

More information about the Gnupg-users mailing list