--check-sigs cache and fingerprints

Daniel Kahn Gillmor dkg at fifthhorseman.net
Sun Jun 27 19:14:54 CEST 2010


On 06/24/2010 05:57 AM, Nicholas Cole wrote:
> Is there any particular reason why the --with-colons output for
> --check-sigs lists the signing key fingerprint if the --no-sig-cache
> option is specified, but not if it doesn't?  If not, could a future
> update perhaps list the signing key fingerprint on all occasions?

I just tested this, and I see the behavior Nicholas describes (the
issuing key's fingerprint appears in field 13 only when --no-sig-cache
is used, regardless of whether --fixed-list-mode is present) on both gpg
1.4.10 and 2.0.14.

I agree that the issuing key's fingerprint should always be output,
regardless of --no-sig-cache.  I suspect the 64-bit keygrip emitted in
field 5 is too small to guarantee uniqueness against an attacker with
moderate resources.

	--dkg
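
An added example, not part of the original message and not GnuPG code: a small parser for sig records in --with-colons output that reports whether each record carries the issuing key's fingerprint in field 13 or identifies the issuer only by the 64-bit value in field 5. The sample records, the names and the classify() labels are constructed for illustration; the consistency check assumes v4 keys, where the key ID is the low 64 bits of the fingerprint.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class SigRecord:
    status: str                 # field 2: check result, e.g. "!" for a good signature
    key_id: str                 # field 5: 64-bit issuer key ID
    fingerprint: Optional[str]  # field 13: issuer fingerprint, None when absent
    user_id: str                # field 10

def parse_sig_records(output: str) -> List[SigRecord]:
    """Extract sig records from --with-colons output."""
    records = []
    for line in output.splitlines():
        # Literal colons in user IDs are escaped as \x3a, so a plain split is safe.
        fields = line.split(":")
        if fields[0] != "sig":
            continue
        fields += [""] * (13 - len(fields))  # short records: pad to 13 fields
        records.append(SigRecord(fields[1], fields[4].upper(),
                                 fields[12].upper() or None, fields[9]))
    return records

def classify(rec: SigRecord) -> str:
    """Say how strongly a sig record identifies its issuer."""
    if rec.fingerprint is None:
        return "keyid-only"   # only 64 bits identify the issuer
    # For v4 keys the key ID is the low 64 bits of the fingerprint.
    if rec.fingerprint[-16:] != rec.key_id:
        return "mismatch"
    return "fingerprint"

# Constructed sample data, not real keys or real gpg output.
FPR = "0123456789ABCDEF0123456789ABCDEF01234567"
KEYID = FPR[-16:]
UID = "Alice Example <alice@example.org>"
SAMPLE = "\n".join([
    f"pub:u:2048:1:{KEYID}:1277000000:::u:::scESC:",
    f"sig:!::1:{KEYID}:1277000000::::{UID}:13x::{FPR}:",   # field 13 filled
    f"sig:!::1:{KEYID}:1277000000::::{UID}:13x:",          # field 13 empty
    f"sig:!::1:{KEYID}:1277000000::::{UID}:13x::{'A' * 40}:",  # inconsistent
])

if __name__ == "__main__":
    for rec in parse_sig_records(SAMPLE):
        print(rec.key_id, classify(rec))
```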

More information about the Gnupg-devel mailing list