preferring --check-sigs over --list-sigs

Werner Koch wk at gnupg.org
Thu Sep 28 14:20:13 CEST 2017


On Wed, 27 Sep 2017 20:24, dkg at fifthhorseman.net said:
> I've noted this as https://dev.gnupg.org/T3430

Thanks.  My fix is

   --check-signatures
   --check-sigs
          Same  as  --list-keys, but the key signatures are verified and
          listed too.  Note that for performance reasons the  revocation
          status  of  a  signing key is not shown.  This command has the
          same effect as using --list-keys with --with-sig-check.

          The status of the verification is indicated by a flag directly
          following the "sig" tag (and thus before the flags described
          below).  A "!" indicates that the signature has been
          successfully verified, a "-" denotes a bad signature and a "%"
          is used if an error occurred while checking the signature
          (e.g. a non supported algorithm).  Signatures where the public
          key is not available are not listed; to see their keyids the
          command --list-sigs can be used.

          For each signature listed, there are several flags in between
          the signature status flag and keyid.  These flags give
          additional information about each key signature.  From left to
          right, they are the numbers 1-3 for certificate check level
          (see --ask-cert-level), "L" for a local or non-exportable
          signature (see --lsign-key), "R" for a nonRevocable signature
          (see the --edit-key command "nrsign"), "P" for a signature
          that contains a policy URL (see --cert-policy-url), "N" for a
          signature that contains a notation (see --cert-notation), "X"
          for an eXpired signature (see --ask-cert-expire), and the
          numbers 1-9 or "T" for 10 and above to indicate trust
          signature levels (see the --edit-key command "tsign").

and far below under esoteric options:

  --list-signatures
  --list-sigs
          Same as --list-keys, but the signatures are listed too.  This
          command has the same effect as using --list-keys with
          --with-sig-list.  Note that in contrast to --check-signatures
          the key signatures are not verified.



Shalom-Salam,

   Werner


-- 
Thoughts are free.  Exceptions are governed by a federal law.
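
Added example, not part of the original message or of GnuPG: a small parser for the "sig" lines described in the man page text above, reporting every signature that is not marked "!" or that carries the "X" flag. The fixed column layout in the regular expression is an assumption about gpg's human-readable listing; the sample lines and key IDs are constructed.

```python
import re

# Assumed column layout of gpg's human-readable listing (the page gives only
# the left-to-right order): tag, status, level, space, six flag columns,
# space, keyid. A blank column means the flag is not set.
SIG_RE = re.compile(
    r"^sig([!\-% ])([1-3 ]) ([L ])([R ])([P ])([N ])([X ])([1-9T ]) +(\S+)"
)
STATUS = {"!": "good", "-": "bad", "%": "error", " ": "not verified"}

def parse_sig_line(line):
    """Return a dict for one 'sig' line, or None for any other line."""
    m = SIG_RE.match(line)
    if not m:
        return None
    status, level, loc, nonrev, pol, nota, exp, trust, keyid = m.groups()
    return {
        "status": STATUS[status],
        "cert_level": None if level == " " else int(level),
        "local": loc == "L",
        "non_revocable": nonrev == "R",
        "policy_url": pol == "P",
        "notation": nota == "N",
        "expired": exp == "X",
        # "T" stands for a trust signature level of 10 or above
        "trust_level": None if trust == " " else 10 if trust == "T" else int(trust),
        "keyid": keyid,
    }

def needs_attention(lines):
    """(keyid, status) for signatures that are not 'good' or have expired."""
    sigs = filter(None, map(parse_sig_line, lines))
    return [(s["keyid"], s["status"]) for s in sigs
            if s["status"] != "good" or s["expired"]]

# Constructed sample listing; key IDs and names are placeholders.
SAMPLE = [
    "pub   rsa2048 2017-01-01 [SC]",
    "sig!3        1111111111111111 2017-09-01  Alice",
    "sig-  L      2222222222222222 2017-09-02  Bob",
    "sig%         3333333333333333 2017-09-03  Carol",
    "sig!2  RPNXT 4444444444444444 2017-09-04  Dave",
    "sig          5555555555555555 2017-09-05  Eve",
]

if __name__ == "__main__":
    for keyid, status in needs_attention(SAMPLE):
        print(keyid, status)
```

The last sample line has no status flag, which is what --list-sigs prints; the parser reports it as "not verified" rather than treating it as good. For scripted use, gpg's --with-colons output is the format intended for machine parsing.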