..

Determining the Level of Trust of a Digitally Signed Document

In order to determine how trustworthy a digital signature of a file is, you need to grab the file, the digital signature, and you will need to import the user’s public key. This wikipedia fragment describes what is meant by a “trustworthy signature” in terms of the Web of Trust.

This is the command I run to determine the level of trust of my signed foaf file.
<br /> gpg --verify --no-tty --status-fd 2 --command-fd 0 foaf.rdf.asc foaf.rdf<br />

Which results in the folowing output :
<br /> gpg: Signature made Wed 3 Jun 23:19:52 2009 BST using RSA key ID 51F2F7EF<br /> [GNUPG:] SIG_ID foL1PiWCT+546VnE17UG2QvWJeE 2009-06-03 1244067592<br /> [GNUPG:] GOODSIG 9ED0B04E51F2F7EF Mischa Tuffield ([email protected]) <[email protected]><br /> gpg: Good signature from "Mischa Tuffield ([email protected]) <[email protected]>"<br /> gpg: aka "Mischa Tuffield (http://id.ecs.soton.ac.uk/person/6914) <[email protected]>"<br /> [GNUPG:] VALIDSIG 18A2AF280CA59E77AE512BB39ED0B04E51F2F7EF 2009-06-03 1244067592 0 4 0 1 2 00 18A2AF280CA59E77AE512BB39ED0B04E51F2F7EF<br /> [GNUPG:] TRUST_ULTIMATE<br />

This is an automatic way of evaluating how trust worthy statement at the end of a URI are.