On Mon, Feb 16, 2009 at 02:48:11PM -0300, Faramir wrote: > paramouse escribi??: > > I am new to using GnuPG and hoping this is the the correct place to post > > questions. > > > > For practice, I imported some public keys to my keyring. I ran a > > > > gpg --check-sig > > > > After listing the signatures of the public keys I've imported, there's > > the statement: > > > > 46 bad signatures > > 5133 signatures not checked due to missing keys > > > > The "signatures not checked" seems pretty self explanatory. What does > > the bad signatures mean? > > Since I never saw an answer about the meaning of those bad signatures, > I am forwarding the question to GnuPG-Users list... > > I ran that command too, and got: > > 186 firmas incorrectas > (186 bad signatures) > 19112 firmas no comprobadas por falta de clave > (19112 signatures not checked due to missing keys) > 2 firmas no comprobadas por errores > (2 signatures not checked due to errors). > > What kind of errors could it be?
"signatures not checked" means just what you guessed - the keys aren't there, so GPG couldn't check them. "bad signatures" means the signature was checked, but it turned out to be invalid. "not checked due to errors" is a grab bag for everything else. A common reason for something to show up in this group is a timestamp conflict (for example, the signature is older than the key that issued it). When you do a --check-sig, some sigs are tagged with "sig%". Look for those and you can usually read the reason for the error. David _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
