On Fri, Nov 21, 2025 at 10:23:09PM +0000, Eric Biggers wrote:
> That list actually includes the same three files that use -EKEYREJECTED.
> It looks like if the signature verification fails "early" it's -EBADMSG,
> whereas if it fails "late" it's -EKEYREJECTED?

-EBADMSG denotes malformed data (e.g. incorrectly formatted ASN.1 payload).
-EKEYREJECTED denotes a well-formed, but incorrect signature (e.g. made by
a wrong key). I think it's important and useful to be able to differentiate
that.

Thanks,

Lukas
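Added example, not part of the original message and not kernel code: a user-space sketch of the two-stage split described above, where the encoding is checked before any key is consulted. The names `toy_sign`, `toy_verify` and `demo` are hypothetical, the keyed FNV-1a tag is an insecure stand-in for a real signature scheme, and a Linux `<errno.h>` (which defines `EKEYREJECTED`) is assumed.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define TAG_LEN 4               /* toy signature size (assumption) */
#define SIG_LEN (2 + TAG_LEN)   /* DER OCTET STRING: 0x04, length, tag */

/* Stand-in for a real signature: keyed FNV-1a, DER-wrapped. NOT secure. */
static void toy_sign(uint32_t key, const uint8_t *msg, size_t len, uint8_t *out)
{
    uint32_t h = 2166136261u ^ key;
    for (size_t i = 0; i < len; i++)
        h = (h ^ msg[i]) * 16777619u;
    out[0] = 0x04;
    out[1] = TAG_LEN;
    for (int i = 0; i < TAG_LEN; i++)
        out[2 + i] = (uint8_t)(h >> (24 - 8 * i));
}

/* Returns 0, -EBADMSG (malformed encoding) or -EKEYREJECTED (wrong signature). */
static int toy_verify(uint32_t key, const uint8_t *msg, size_t len,
                      const uint8_t *sig, size_t sig_len)
{
    uint8_t want[SIG_LEN], diff = 0;
    /* "Early" failure: the payload does not parse, so no key is consulted. */
    if (sig_len != SIG_LEN || sig[0] != 0x04 || sig[1] != TAG_LEN)
        return -EBADMSG;
    /* "Late" failure: well-formed, but wrong for this key and message. */
    toy_sign(key, msg, len, want);
    for (int i = 0; i < TAG_LEN; i++)
        diff |= want[2 + i] ^ sig[2 + i];
    return diff ? -EKEYREJECTED : 0;
}

/* Constructed inputs: 0 = valid, 1 = truncated, 2 = signed with another key. */
int demo(int which)
{
    const uint8_t msg[] = "constructed payload";
    uint8_t sig[SIG_LEN];
    toy_sign(which == 2 ? 0xBEEF : 0xCAFE, msg, sizeof(msg), sig);
    return toy_verify(0xCAFE, msg, sizeof(msg), sig, SIG_LEN - (which == 1));
}

int main(void)
{
    for (int i = 0; i < 3; i++)
        printf("case %d -> %d\n", i, demo(i));
    return 0;
}
```

A caller that logs the two codes separately can tell a corrupted or truncated blob from a correctly encoded signature that fails against the trusted key.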
