On Wed, 24 Nov 2010 02:31, al...@archlinux.org said:
1) I would have expected the trust level to be something like
TRUST_FULL rather than TRUST_UNDEFINED. Is this because I have no
signatures on that key or more specifically because I have no
ultimately trusted key in the keyring signing
On 24/11/10 18:49, Werner Koch wrote:
On Wed, 24 Nov 2010 02:31,al...@archlinux.org said:
1) I would have expected the trust level to be something like
TRUST_FULL rather than TRUST_UNDEFINED. Is this because I have no
signatures on that key or more specifically because I have no
Hi,
I am writing a piece of software that requires validating a signature of
a file before using it. So far I have managed to use gpgme to validate
a signature for a file, but only if the key that signed it has been
given ultimate trust.
Reducing the trust level to full results in the file
On Tue, 23 Nov 2010 14:53, al...@archlinux.org said:
validity of the key. I am currently testing:
(gpgme_verify_result_t-summary GPGME_SIGSUM_VALID)
Is that the correct approach?
That's fine. However if a key expired you won't get VALID. An expired
key does not mean that the signature is