[ale] Bad signatures on keys?

Jeremy T. Bouse jeremy.bouse at undergrid.net
Thu Dec 15 19:26:31 EST 2011


	Honestly the bad signatures can usually be ignored as long as your key
appears fine... When I ran a --check-sigs just before typing this I had
the following output:

168 bad signatures
15263 signatures not checked due to missing keys

	While just running 'gpg --check-sigs "Jeremy T. Bouse"' produced:

1 bad signature
29 signatures not checked due to missing keys

	Running against my 2 keys independently shows me that the "1 bad
signature" is on my 62DBDF62 personal key and my 29AB4CDD Debian key
only has 1 signature not checked due to missing key which means the
remaining 28 signatures not checked are on my old retired/revoked keys
still in my keyring. If I feel up for it I'll run through some gpg
scripting and see if I can't research further as to why the signature is
considered bad.

	As for status... Out of 18 I'm only missing 4 completely that haven't
signed my keys or show my signatures on their key and 1 that I have
received my key signed but doesn't show that my signature to their key
has been received. Actually not too bad.

On 12/15/2011 06:32 PM, arxaaron wrote:
> 
> On 2011/12/15, at 14:24 , Michael B. Trausch wrote:
> 
>> I'm a bit curious, I just did another re-import and then a --check-sigs
>> and I saw this at the bottom of the output:
>>
>> 4 bad signatures
>> 1945 signatures not checked due to missing keys
>>
>> I get the missing keys bit, but the 4 bad signatures I thought was a
>> little strange, so I looked into it.  Seems that bad signatures are
>> shown with their lines starting with "sig-" instead of "sig!" in the
>> --check-sigs output.
>>
>> The four bad signatures are (output trimmed, they're all on Mike
>> Warfield's key and the list is massively huge):
>>
>> pub   1024R/DF1DD471 1994-04-28
>> uid                  Michael H. Warfield <mhw at WittsEnd.com>
>> sig-         DF1DD471 1998-04-05  Michael H. Warfield <mhw at WittsEnd.com>
>>
>> uid                  Michael H. Warfield <mhw at commandcorp.com>
>> sig-         DF1DD471 1994-04-29  Michael H. Warfield <mhw at WittsEnd.com>
>> sig-3        DF1DD471 2002-10-14  Michael H. Warfield <mhw at WittsEnd.com>
>> sig-3        5DEA789B 2011-12-09  David Tomaschik <david at systemoverlord.com>
>>
>> So, three of the bad signatures on key df1dd471 are from key df1dd471
>> and one of the bad signatures is from key 5dea789b, am I understanding
>> that correctly?
>>
>> Also, why is it that David's key shows an invalid signature for the
>> mhw at commandcorp.com uid, but not for any of the other uids on that key?
>>
>> Is there a possibility that something is funky with my
>> (brand-spanking-new!) GPG database, somehow?
>>
>> 	--- Mike
> 
> 
> hmmmm....  did a --refresh-keys earlier and it didn't report any errors:
> 
> gpg: Total number processed: 24
> gpg:              unchanged: 4
> gpg:           new user IDs: 2
> gpg:         new signatures: 1679
> gpg: no ultimately trusted keys found
> 
> Though I don't understand the last line about
> "no ultimately trusted keys found"
> 
> running --check-sigs just now showed 5 bad sigs, though...
> 5 bad signatures
> 1922 signatures not checked due to missing keys
> 
> 
> peace
> aaron
> 
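
A small parser for the tally discussed in this thread, as an added example that is not part of any message above: it reads a `gpg --check-sigs` listing in the layout quoted in the thread, counts the check flags, and reports each bad signature with the key and UID it sits on and whether it is a self-signature. The function and field names are illustrative, and the sample is the quoted listing plus one constructed `sig!` line.

```python
import re
from collections import Counter

# Listing quoted in the thread (wrapped lines rejoined). The final "sig!" line
# is constructed here so a good signature appears next to the bad ones.
SAMPLE = """\
pub   1024R/DF1DD471 1994-04-28
uid                  Michael H. Warfield <mhw at WittsEnd.com>
sig-         DF1DD471 1998-04-05  Michael H. Warfield <mhw at WittsEnd.com>
uid                  Michael H. Warfield <mhw at commandcorp.com>
sig-         DF1DD471 1994-04-29  Michael H. Warfield <mhw at WittsEnd.com>
sig-3        DF1DD471 2002-10-14  Michael H. Warfield <mhw at WittsEnd.com>
sig-3        5DEA789B 2011-12-09  David Tomaschik <david at systemoverlord.com>
sig!3        5DEA789B 2011-12-09  David Tomaschik <david at systemoverlord.com>
"""

PUB = re.compile(r"^pub\s+\w+/([0-9A-F]+)\s")
UID = re.compile(r"^uid\s+(.*\S)\s*$")
# "sig", check flag (! good, - bad, % error while checking, per the gpg man
# page), optional level/flag columns, signer key ID, date, signer name.
SIG = re.compile(r"^sig([!%-])[ \dA-Z]*? ([0-9A-F]{8,16})\s+(\d{4}-\d\d-\d\d)\s+(.*\S)")

def check_sigs_report(text):
    """Return (Counter of check flags, list of bad-signature records)."""
    counts, bad = Counter(), []
    key = uid = None
    for line in text.splitlines():
        if m := PUB.match(line):
            key, uid = m.group(1), None      # new key block starts
        elif line.startswith("sub"):
            uid = "(subkey)"                 # binding signatures follow
        elif m := UID.match(line):
            uid = m.group(1)
        elif m := SIG.match(line):
            flag, signer, date, name = m.groups()
            counts[flag] += 1
            if flag == "-":
                kind = "self-signature" if signer == key else "third-party"
                bad.append({"key": key, "uid": uid, "signer": signer,
                            "date": date, "name": name, "kind": kind})
    return counts, bad

if __name__ == "__main__":
    counts, bad = check_sigs_report(SAMPLE)
    print(f"good={counts['!']} bad={counts['-']} error={counts['%']}")
    for b in bad:
        print(f"{b['key']}  {b['kind']:<14} by {b['signer']} ({b['date']}) on {b['uid']}")
```

To run it against a real keyring, pass the captured output of `gpg --check-sigs` to `check_sigs_report()` in place of `SAMPLE`.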

