Docs/ Verification/ Common verify errors

Common verify errors

Every error message you might see from gpg on an Anubis rotation, and what each means.

gpg messageWhat it meansWhat to do
Good signatureThe message is authentic. The address inside is trustworthy.Use the address inside.
BAD signatureThe message has been altered after signing, or was never signed by the operator key.Do not use the address inside. Report to the pinned Dread thread.
Can't check signature: No public keyThe operator key is not on your keyring yet.Import the operator key first. See PGP signature check.
Signature made ... by different key IDThe message is signed by a key other than the operator.Do not import that key. Do not use the address inside.
WARNING: This key is not certified with a trusted signatureNormal warning. It only means you have not personally signed the operator key.Ignore, as long as the main line above says Good signature.
Signature made ... using RSA key ID ... (expired)The signing key has expired.Do not trust. Check whether the operator has published a rotation of the signing key itself.
reading exit codes

The gpg exit code matters too. Exit 0 means success. Non-zero means the signature failed for some reason. In shell scripts, always check the exit code, not just parse the output.