(verification_chapter)= # Verification - Self-authenticating data (unhashed subpackets) ## When are signatures valid? The validity of a signature is constrained by a number of conditions. First and foremost, a signature must be cryptographically correct, meaning the signature as well as the signed information must be intact. Futhermore, signatures on a certificate form a chain, originating from the certificates primary key down to signatures issued by the certificate. In order to verify, whether a signature is valid, the whole signature chain must be checked, taking expiration dates, capabilities and revocations into account. For example, in order to verify a data signature over a text document, an implementation would need to verify not only the data signature itself, but also the binding signature (and back-signature) of the signing subkey, as well as the direct-key signature on the primary key of the issuer certificate. The signature might be invalidated by corruption of the text document, corruption of the data signature packet, expiration or revocation of the primary or signing subkey, or revocation/expiration of the primary User ID. Furthermore, the signature might not be valid in the first place, due to a missing subkey binding signature, or a missing `SIGN_DATA` keyflag on the subkey binding signature. ```{include} mermaid/09-sigtree.md ``` - Validity as a tree of signatures ## Which signatures take precedence?