GPGME: What does ‘0’ (zero) ‘signature.summary’ value mean?

Ben Finney ben+freesoftware at benfinney.id.au
Wed Apr 17 04:08:12 CEST 2024


Ingo Klöcker <kloecker at kde.org> writes:

> It would be helpful if you also gave us the public key.

Oh, I had expected a GnuPG client would fetch the key? It's part of the
signed message metadata, so it should be automatically fetched from the
key servers, I'd expect.

Regardless, here is the URL to download that public key:

    <URL: https://keys.openpgp.org/search?q=517C+F14B+B2F3+98B0+CB35++4855+B8B2+4C06+AC12+8405>

> Please also provide the output you get when you run `gpg --status-fd
> 2` on the message.

Here is the session:

=====
$ gpg --status-fd 2 foo.txt.asc
gpg: WARNING: no command supplied.  Trying to guess what you mean ...
[GNUPG:] PLAINTEXT 74 0 
[GNUPG:] NEWSIG
gpg: Signature made Mon 15 Apr 2024 09:32:13 AEST
gpg:                using RSA key 6159E0F29E2FA412E0795C73F9B46AAC84420C82
[GNUPG:] KEYEXPIRED 1446855895
[GNUPG:] KEYEXPIRED 1541729896
[GNUPG:] KEYEXPIRED 1650968464
[GNUPG:] KEY_CONSIDERED 517CF14BB2F398B0CB354855B8B24C06AC128405 0
[GNUPG:] SIG_ID R7hUtvOTHhmxxN8Fpqx8OxQtJ2w 2024-04-14 1713137533
[GNUPG:] KEYEXPIRED 1446855895
[GNUPG:] KEYEXPIRED 1541729896
[GNUPG:] KEYEXPIRED 1650968464
[GNUPG:] KEY_CONSIDERED 517CF14BB2F398B0CB354855B8B24C06AC128405 0
[GNUPG:] GOODSIG F9B46AAC84420C82 Ben Finney <ben at benfinney.id.au>
gpg: Good signature from "Ben Finney <ben at benfinney.id.au>" [unknown]
gpg:                 aka "Ben Finney (White Tree) <bignose at whitetree.org>" [unknown]
gpg:                 aka "Ben Finney (Free Software Foundation) <bignose at member.fsf.org>" [unknown]
gpg:                 aka "Ben Finney (Debian) <ben+debian at benfinney.id.au>" [unknown]
gpg:                 aka "[jpeg image of size 8917]" [unknown]
gpg:                 aka "[jpeg image of size 6222]" [unknown]
gpg:                 aka "Ben Finney <bignose at whitetree.org>" [unknown]
gpg:                 aka "Ben Finney <bignose at member.fsf.org>" [unknown]
gpg:                 aka "Ben Finney <ben+debian at benfinney.id.au>" [unknown]
gpg:                 aka "Ben Finney (Debian Project) <bignose at debian.org>" [unknown]
[GNUPG:] VALIDSIG 6159E0F29E2FA412E0795C73F9B46AAC84420C82 2024-04-14 1713137533 0 4 0 1 8 01 517CF14BB2F398B0CB354855B8B24C06AC128405
[GNUPG:] KEYEXPIRED 1446855895
[GNUPG:] KEYEXPIRED 1541729896
[GNUPG:] KEYEXPIRED 1650968464
[GNUPG:] KEY_CONSIDERED 517CF14BB2F398B0CB354855B8B24C06AC128405 0
[GNUPG:] KEYEXPIRED 1446855895
[GNUPG:] KEYEXPIRED 1541729896
[GNUPG:] KEYEXPIRED 1650968464
[GNUPG:] KEY_CONSIDERED 517CF14BB2F398B0CB354855B8B24C06AC128405 0
[GNUPG:] TRUST_UNDEFINED 0 pgp
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 517C F14B B2F3 98B0 CB35  4855 B8B2 4C06 AC12 8405
     Subkey fingerprint: 6159 E0F2 9E2F A412 E079  5C73 F9B4 6AAC 8442 0C82
=====

So, the key is expired; but this (correctly) does not cause the
signature verification to fail.

-- 
 \          “Some subjects are so serious that one can only joke about |
  `\                                                them.” —Niels Bohr |
_o__)                                                                  |
Ben Finney




More information about the Gnupg-devel mailing list