Edited on 2026-06-08, 2026-06-11, 2026-07-01ff: replaced with current state of the discussion.
T8336: Kleopatra: add info texts to verification results was split off from this ticket to cover the info text parts. This ticket is now only about the short verification result text
We want to restructure the verification result messages to put the most important information at the beginning and also make a few text improvements.
Note that we do here no longer use the gpg/gpgsm error messages in the texts, but we still link (via button) to the audit log which contains them.
The parts shown as list items are from the info/help which should be accessible via a button. Each list item represents its own paragraph.
The button for the info should be after the first sentence / part.
V-SUMMARY (!= summary now) it is meant to be: User-ID + creation date (with link to cert details)
Caveat: I did not include expiration of the signature (as opposed to expiration of the signature key), compare T8035.
Certificate for the signature is not available
The signature cannot be verified because the corresponding certificate is not available. The data cannot be trusted. [The signing certificate’s fingerprint is %1. | The signing certificate’s issuer is %1, the S/N is %2.]
- The signing certificate is not present in your certificate list, but it is needed to verify the data.
- What can be done: Ask the sender for the certificate or import it from a file or a keyserver. Then verify the data again.
Certificate is available, but ...
The signature does not match (“Bad signature”)
The data cannot be trusted. Reason: Data and signature do not match.
The signature claims to be from V-SUMMARY and dated %date+time.
- The data or the signature has been altered. This can happen accidentally (e.g. due to a transmission error), unintentionally (e.g. due to a subsequent change to the data, possibly by an email client), or intentionally (deliberate manipulation).
- What can be done: Ask the sender to resend the data.
The signature certificate has been revoked
The data cannot be trusted. Reason: The signing certificate has been revoked.
Signed by V-SUMMARY on %date+time.
- The certificate may have been revoked because it was compromised and it might now be used by a third party. The data can therefore not be trusted. Technically, signature and data match.
- It is possible that you received the data at a time when the certificate was still valid and trusted. If this is the case, the data may be valid.
- What can be done: If in doubt, contact the signer to clarify the situation and, if necessary, ask them to resend the data signed with a current certificate.
The signature certificate has expired
The data cannot be trusted. Reason: The signing certificate has expired.
Signed by V-SUMMARY on %date+time.
- For an expired certificate, it cannot be evaluated whether the certificate can be trusted. Therefore the data cannot be trusted. Technically, signature and data match.
- If the certificate was valid and trusted when you received the data, the data is likely valid.
- What can be done:
SMIME: If in doubt, contact the signer to clarify the situation and, if necessary, ask them to resend the data with a current certificate.
OPENPGP: You can look for an updated certificate on a keyserver, or ask the sender for it, then verify the data again after importing the certificate.
The signing certificate is not trusted
The data cannot be trusted: Reason: It cannot be verified whether the data originates from the stated source.
Signed by V-SUMMARY on %date+time.
- Technically, signature and data match, but the signing certificate is not marked as trusted. Therefore the data cannot be trusted to originate from the stated source.
- What can be done: Verify the certificate’s [fingerprint and certify it | Root-CA fingerprint and trust it]. Then verify the data again.
The certificate is valid and the signature verification was successful
Signature verification was successful: Data and signature match and the certificate is valid and trusted.
Signed by V-SUMMARY on %date+time.
(No info button for this one, this should be clear.)
Addition to all variants (with exception “no certificate”)
"The signature is %1" can expand to:
The signature is not VS-NfD compliant / NATO restricted compliant
Info text: The signature was not created with a VS-NfD compliant certificate. It must not be used for classified information, but it is acceptable for non-classified use.
The signature is VS-NfD compliant / NATO restricted compliant
Info text: The algorithm of the certificate used for the signature is VS-NfD compliant.