
File: gnupg.info,  Node: Automated signature checking,  Next: CSR and certificate creation,  Up: Unattended Usage

5.5.1 Automated signature checking
----------------------------------

It is very important to understand the semantics used with signature
verification.  Checking a signature is not as simple as it may sound and
so the operation is a bit complicated.  In most cases it is required to
look at several status lines.  Here is a table of all the cases that can
occur for a signed message:

The signature is valid
     This means that the signature has been successfully verified and
     the certificates are all sane.  However there are two subcases with
     important information: one of the certificates may have expired, or
     the signature of the message itself may have expired.  It is sound
     practice to still consider such a signature valid, but additional
     information should be displayed.  Depending on the subcase 'gpgsm'
     will issue these status codes:
     signature valid and nothing did expire
          'GOODSIG', 'VALIDSIG', 'TRUST_FULLY'
     signature valid but at least one certificate has expired
          'EXPKEYSIG', 'VALIDSIG', 'TRUST_FULLY'
     signature valid but expired
          'EXPSIG', 'VALIDSIG', 'TRUST_FULLY'
          Note that this case is currently not implemented.

The signature is invalid
     This means that the signature verification failed (this is an
     indication of a transfer error, a program error or tampering with
     the message).  'gpgsm' issues one of these status code sequences:
     'BADSIG'
     'GOODSIG', 'VALIDSIG', 'TRUST_NEVER'

Error verifying a signature
     For some reason the signature could not be verified, i.e.  it
     cannot be decided whether the signature is valid or invalid.  A
     common reason for this is a missing certificate.
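
The table above as a fail-closed classifier, given as an added example
that is not part of the GnuPG manual or code.  It assumes the status
lines of a single signature were captured from a dedicated '--status-fd'
descriptor; the names 'Verdict' and 'classify' and the sample lines are
constructed for illustration.

```python
import enum

PREFIX = "[GNUPG:] "  # marker in front of every status line

class Verdict(enum.Enum):
    VALID = "valid, nothing expired"
    VALID_CERT_EXPIRED = "valid, at least one certificate expired"
    VALID_SIG_EXPIRED = "valid, signature expired"
    INVALID = "invalid"
    ERROR = "could not be verified"

# Result keyword -> verdict for the three "valid" subcases in the table.
VALID_SUBCASES = {
    "GOODSIG": Verdict.VALID,
    "EXPKEYSIG": Verdict.VALID_CERT_EXPIRED,
    "EXPSIG": Verdict.VALID_SIG_EXPIRED,
}

def status_keywords(status_output):
    """Keyword of every status line, in order; other lines are ignored."""
    fields = (line[len(PREFIX):].split()
              for line in status_output.splitlines()
              if line.startswith(PREFIX))
    return [f[0] for f in fields if f]

def classify(status_output):
    """Map the status lines of ONE signature to a verdict, failing closed."""
    kw = status_keywords(status_output)
    if "BADSIG" in kw or "TRUST_NEVER" in kw:
        return Verdict.INVALID
    results = [k for k in kw if k in VALID_SUBCASES]
    # Exactly one result line plus both confirming codes is required;
    # anything else (missing certificate, truncated output) is an error.
    if len(results) == 1 and "VALIDSIG" in kw and "TRUST_FULLY" in kw:
        return VALID_SUBCASES[results[0]]
    return Verdict.ERROR

# Constructed samples; the arguments after each keyword are placeholders.
SAMPLE_EXPIRED_CERT = ("gpgsm: human-readable line, ignored (constructed)\n"
                       "[GNUPG:] EXPKEYSIG <keyid> <name>\n"
                       "[GNUPG:] VALIDSIG <fingerprint>\n"
                       "[GNUPG:] TRUST_FULLY\n")
SAMPLE_UNTRUSTED = ("[GNUPG:] GOODSIG <keyid> <name>\n"
                    "[GNUPG:] VALIDSIG <fingerprint>\n"
                    "[GNUPG:] TRUST_NEVER\n")

if __name__ == "__main__":
    for sample in (SAMPLE_EXPIRED_CERT, SAMPLE_UNTRUSTED, ""):
        print(classify(sample).value)
```

A caller should accept only the three valid verdicts, and display the
expiry information for the two expired subcases.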
