Determining the Level of Trust of a Digitally Signed Document
To determine how trustworthy the digital signature on a file is, you need the file, the digital signature, and the user’s public key, which you must import. This Wikipedia fragment describes what is meant by a “trustworthy signature” in terms of the Web of Trust.
This is the command I run to determine the level of trust of my signed foaf file.
gpg --verify --no-tty --status-fd 2 --command-fd 0 foaf.rdf.asc foaf.rdf
Which results in the following output:
gpg: Signature made Wed 3 Jun 23:19:52 2009 BST using RSA key ID 51F2F7EF
[GNUPG:] SIG_ID foL1PiWCT+546VnE17UG2QvWJeE 2009-06-03 1244067592
[GNUPG:] GOODSIG 9ED0B04E51F2F7EF Mischa Tuffield (Mischa@Garlik) <[email protected]>
gpg: Good signature from "Mischa Tuffield (Mischa@Garlik) <[email protected]>"
gpg: aka "Mischa Tuffield (http://id.ecs.soton.ac.uk/person/6914) <[email protected]>"
[GNUPG:] VALIDSIG 18A2AF280CA59E77AE512BB39ED0B04E51F2F7EF 2009-06-03 1244067592 0 4 0 1 2 00 18A2AF280CA59E77AE512BB39ED0B04E51F2F7EF
[GNUPG:] TRUST_ULTIMATE
This is an automatic way of evaluating how trustworthy the statements at the end of a URI are.
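To automate the evaluation, a script should read only the `[GNUPG:]` status lines and require a good signature, a `VALIDSIG` fingerprint and a sufficient `TRUST_*` level together. The following is an added example, not code from the original post; the function name `evaluate`, the `min_trust` default and the single-signature assumption are illustrative choices.

```python
# Status lines copied from the output above. The GOODSIG user ID is replaced
# with a constructed placeholder; the parser does not rely on it.
SAMPLE = """\
gpg: Signature made Wed 3 Jun 23:19:52 2009 BST using RSA key ID 51F2F7EF
[GNUPG:] SIG_ID foL1PiWCT+546VnE17UG2QvWJeE 2009-06-03 1244067592
[GNUPG:] GOODSIG 9ED0B04E51F2F7EF Example Signer <signer@example.invalid>
[GNUPG:] VALIDSIG 18A2AF280CA59E77AE512BB39ED0B04E51F2F7EF 2009-06-03 1244067592 0 4 0 1 2 00 18A2AF280CA59E77AE512BB39ED0B04E51F2F7EF
[GNUPG:] TRUST_ULTIMATE
"""

# Any of these status keywords means the signature must be rejected.
FAILURES = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG", "NO_PUBKEY"}
# Trust keywords in increasing order of trust.
TRUST_LEVELS = ("UNDEFINED", "NEVER", "MARGINAL", "FULLY", "ULTIMATE")


def evaluate(status_text, expected_fpr=None, min_trust="FULLY"):
    """Return (accepted, trust_level, primary_fingerprint) for one signature."""
    good = failed = False
    fpr = trust = None
    for line in status_text.splitlines():
        if not line.startswith("[GNUPG:] "):
            continue  # human-readable "gpg:" lines are not a stable interface
        fields = line.split()[1:]
        if not fields:
            continue
        keyword, args = fields[0], fields[1:]
        if keyword in FAILURES:
            failed = True
        elif keyword == "GOODSIG":
            good = True
        elif keyword == "VALIDSIG" and args:
            # The last field is the primary key fingerprint; older gpg
            # versions emit fewer fields, so fall back to the first one.
            fpr = args[-1] if len(args) >= 10 else args[0]
        elif keyword.startswith("TRUST_") and keyword[6:] in TRUST_LEVELS:
            trust = keyword[6:]
    # GOODSIG alone is not enough: the key may be untrusted or unexpected.
    ok = good and not failed and fpr is not None and trust is not None
    if ok and expected_fpr is not None:
        ok = fpr.upper() == expected_fpr.replace(" ", "").upper()
    if ok:
        ok = TRUST_LEVELS.index(trust) >= TRUST_LEVELS.index(min_trust)
    return ok, trust, fpr
```

Passing `expected_fpr` pins the decision to one known key, so a valid signature from any other key in the keyring is rejected.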