Confusing bad sig error message on bad trust keystore signature

With `songe`, when the trust keystore signature is bad (forged keystore), a bad signature error message is displayed when calling songe with the `--list` option as well as others like `--verify`, which is confusing: is the file verified by `--verify` wrong?
It does *not* occur with `songev`.