2 FAQs
Michael Nahrath
gnupg-users@nahrath.de
Thu Dec 5 22:44:02 2002
David Shaw <dshaw@jabberwocky.com> wrote on 2002-12-05 at 20:45:
>> sig!2 P C9541FB2 2002-06-29 Douglas F. Calvert <dfc@anize.org>
>> ^^^^^^^^^^
>> Between the "sig" and the 8-byte Key-ID there are 10 characters of space.
>>
>> Where do I find a complete compilation of all possible values they can take
>> and their meaning?
>
> "sig", followed by:
>
> 1. ! for good sig, - for bad sig, % for error, and blank for no public
> key available to verify sig.

... only displayed at --check-sigs, not at --list-sigs

> 2. 1-3, giving the verification level of the key. This is just
> cosmetic (a note from the signer to you) and has no bearing on
> whether the key is trusted or not.

Good to know, especially when it comes to robot-sigs ...

> 5. P if a policy URL exists on this signature, blank if not.

gpg --check-sigs --show-policy-url 13300731
as an example. Nice!
Is there a way to "tune up" an already given signature?

> 6. N if a notation exists on this signature, blank if not.

gpg --check-sigs --show-notation
Don't have an example for this in my keyring.

> 8. 1-9 if this is a trust signature, or "T" if the trust signature
> depth is greater than 9. Blank if not a trust signature. (GnuPG
> 1.3.x only).

Is this new to GPG only?
I have found this value set on quite old keys:
pub 1024R/BB1D9F6D 1997-03-04 ct magazine CERTIFICATE <pgpCA@ct.heise.de>
sig! 1 B3B2A12C 1999-05-12 ct magazine CERTIFICATE <pgpCA@ct.heise.de>

>> The second character after the "sig" is new since GPG 1.0.7 and indicates
>> the quality of a signature. Where can I get more information about this new
>> model?
>> I haven't found anything about this except the release notes for 1.0.7 and
>> the dialogs inside the program and those are rather short.
>
> Make a signature, and when it asks you for the level, enter a '?'.

:-)

Some more FAQ style questions:

Signatures made by GPG 1.0.7 and later often have a number that expresses
how well identity checking had been done before signing.
Are those signatures better than the old ones without a number?

Can I update signatures I made to others' keys with earlier versions of GPG
or PGP to include such a number (it should remain the same signature,
not a second one)?

I signed someone's key with sig!1 some time ago. In the meantime I got to
know him really well and had occasion for a thorough identity check.
Can I update this (same) signature to sig!3 ?

Greeting, Michi
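
The flag positions listed in the quoted reply, decoded by a small parser. This is an added example, not code from the thread or from GnuPG. The name `parse_sig_line` is hypothetical, the 10-character field width is the figure given in the message, the sample lines are constructed with explicit spacing, and positions 3, 4 and 7 (not described in this message) are returned undecoded.

```python
import re

# Position 1, as listed in the quoted reply (only filled in by --check-sigs).
VALIDITY = {"!": "good", "-": "bad", "%": "error", " ": "no public key"}
FLAG_WIDTH = 10  # assumption: characters between "sig" and the key ID, per the message

def parse_sig_line(line):
    """Decode one 'sig' line of --check-sigs output into a dict."""
    start = 3 + FLAG_WIDTH
    if not line.startswith("sig") or len(line) < start + 8:
        raise ValueError("not a sig line")
    flags, keyid = line[3:start], line[start:start + 8]
    if not re.fullmatch(r"[0-9A-F]{8}", keyid):
        raise ValueError("key ID not at the expected column")
    validity, level, trust = flags[0], flags[1], flags[7]
    if validity not in VALIDITY:
        raise ValueError("unknown validity flag %r" % validity)
    if level not in " 123":
        raise ValueError("unknown verification level %r" % level)
    if trust not in " 123456789T":
        raise ValueError("unknown trust depth %r" % trust)
    return {
        "keyid": keyid,
        "validity": VALIDITY[validity],
        # The level is a note from the signer, not a trust decision.
        "level": None if level == " " else int(level),
        "policy_url": flags[4] == "P",
        "notation": flags[5] == "N",
        # "T" means a trust signature depth greater than 9.
        "trust_depth": None if trust == " " else (">9" if trust == "T" else int(trust)),
        # Positions 3, 4 and 7 are not described in this message.
        "undescribed": flags[2] + flags[3] + flags[6],
    }

# Constructed sample lines; the column spacing is rebuilt, not copied.
SAMPLE_GOOD = "sig" + "!2  P".ljust(FLAG_WIDTH) + "C9541FB2 2002-06-29 Douglas F. Calvert"
SAMPLE_BAD = "sig" + "-      1".ljust(FLAG_WIDTH) + "0123ABCD 2002-01-01 Constructed User"

if __name__ == "__main__":
    for sample in (SAMPLE_GOOD, SAMPLE_BAD):
        print(parse_sig_line(sample))
```
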