GPG Services: verification results are wrong

Helmut K. C. Tessarek's Avatar

Helmut K. C. Tessarek

05 Feb, 2019 02:25 PM

GPG Services 1.11.6 1056 (ad0c960)

The verification results are wrong, if the signing key has been revoked.

I revoked my previous old key, because I created a newer one. Please note that the signatures of files that were created with a key, which is now revoked, are still valid. However, GPG Services gives me the following message:

Verification FAILED: Signature revoked (Code: 94)

This is wrong on so many levels. The verification is valid even though the key has been revoked.

The message should state something like this:

Signature valid - Key revoked - Reason for revocation: xxx

Telling people that a signature was not valid (what else is 'verification failed' supposed to mean?) is plain and simply wrong. It should clearly be stated that the signature is valid, but that the key was revoked.

Reply to this discussion

Internal reply

Formatting help / Preview (switch to plain text) No formatting (switch to Markdown)

Attaching KB article:

»

Attached Files

You can attach files up to 10MB

If you don't have an account yet, we need to confirm you're human and not a machine trying to post spam.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac