tag:gpgtools.tenderapp.com,2011-11-04:/discussions/feedback/16041-verify-signatureGPGTools: Discussion 2020-07-27T14:58:04Ztag:gpgtools.tenderapp.com,2011-11-04:Comment/484572092020-07-11T05:13:38Z2020-07-11T05:13:39ZVerify Signature???<div><p>I am new to PGP and am trying to learn. I have been trying to successfully verify a signature for the last six hours or so. I must say that for all the documentation on this site there has been NOTHING of help here to me whatsoever.</p>
<p>I am on a website that is asking me to verify their signature thru a document they've published. Their signature is appended to the end of the document. I have their public key in my keychain. I click "Services/OpenPGP: Verify Signature of File" but that doesn't work. What gives???</p></div>Michaeltag:gpgtools.tenderapp.com,2011-11-04:Comment/484572092020-07-11T05:29:56Z2020-07-11T05:29:57ZVerify Signature???<div><p>So...</p>
<p>If the "ownertrust" is set to "unknown," or set to anything OTHER than "Ultimate," when you check the signature GPG Keychain returns "The signature is not to be trusted."</p>
<p>If, however, you change the trust to "Ultimate," it returns a seemingly "favorable" response, saying that the signature is trusted.</p>
<p>All this time I assumed I was doing something wrong while trying to verifying a signature, but I was not. Your app returns a message that is highly confusing to and unclear! While the ownertrust is marked anything but "ultimate," BUT the signature DOES in fact match, it still says "signature should not be trusted." But it now seems to me that "signature should not be trusted" only refers to the "trust level" that I've set for that contact and NOT for the "correctness" of the signature itself. Jeez Louise!!!!!!</p></div>Michaeltag:gpgtools.tenderapp.com,2011-11-04:Comment/484572092020-07-13T18:13:28Z2020-07-13T18:13:28ZVerify Signature???<div><p>Hi Michael,</p>
<p>welcome to the GPGTools support platform. Sorry you are having problems using GPG Suite.</p>
<p>This <a href="https://gpgtools.tenderapp.com/kb/how-to/trusting-keys-and-why-this-signature-is-not-to-be-trusted">KB-article</a> explains how to verify and sign a key and also elaborates on why a signature is untrusted and that that is not necessarily a problem (depending on your use-case and required trust).</p>
<p>All the best,<br>
Steve</p></div>Steve