Common verify errors
Every error message you might see from gpg on an Anubis rotation, and what each means.
| gpg message | What it means | What to do |
|---|---|---|
Good signature | The message is authentic. The address inside is trustworthy. | Use the address inside. |
BAD signature | The message has been altered after signing, or was never signed by the operator key. | Do not use the address inside. Report to the pinned Dread thread. |
Can't check signature: No public key | The operator key is not on your keyring yet. | Import the operator key first. See PGP signature check. |
Signature made ... by different key ID | The message is signed by a key other than the operator. | Do not import that key. Do not use the address inside. |
WARNING: This key is not certified with a trusted signature | Normal warning. It only means you have not personally signed the operator key. | Ignore, as long as the main line above says Good signature. |
Signature made ... using RSA key ID ... (expired) | The signing key has expired. | Do not trust. Check whether the operator has published a rotation of the signing key itself. |
reading exit codes
The gpg exit code matters too. Exit 0 means success. Non-zero means the signature failed for some reason. In shell scripts, always check the exit code, not just parse the output.