Fingerprints and Key-IDs - Was: [PATCH] avoid publishing the GnuPG version by default

ilf ilf at
Fri Aug 5 21:39:47 CEST 2016

Werner Koch:
>> How about removing the "keyid-format" option alltogether? 
> Nope. Breaks too many scripts.

Well, the man-page sais about --list-public-keys:

| Avoid using the output of this command in scripts or other programs as 
| it is likely to change as GnuPG changes. See --with-colons for a 
| machine-parseable key listing command that is appropriate for use in 
| scripts and other programs.

IMHO we need *not* be respectful to third-party tools using GnuPG in a 
way that it explicitly warns against, exactly because it might break.

If we don't agree on dropping --keyid-format completely, I would at 
least expect --keyid-format 0xlong not to display *less* data than 
--keyid-format none, especially the fingerprint should not be left out. 
(And that's what "none" is for in the first place, no?)

>> % gpg --options /dev/null --list-keys 80615870F5BAD690333686D0F2AD85AC1E42B367
>> pub   dsa2048 2007-12-31 [SC] [expires: 2018-12-31]
>>     80615870F5BAD690333686D0F2AD85AC1E42B367
>> % gpg --options /dev/null --keyid-format 0xlong --list-keys 80615870F5BAD690333686D0F2AD85AC1E42B367
>> pub   dsa2048/0xF2AD85AC1E42B367 2007-12-31 [SC] [expires: 2018-12-31]

Werner Koch:
> FWIW, I recently learned that there widely used tools which parse 
> --list-packets. An option I always considered a debug interface.

Which ones? Let's contact the maintainers to get them fixed.

> When I added lines '# foo' the scripts broke despite that I took 
> caution to use a de-facto comment standard for these new lines.

Funny, when I append a comment after "default-key" in gpg.conf, GnuPG 
2.1 fails for me:

| % grep ^default-key .gnupg/gpg.conf
| default-key 0xCBB15A68EF3AC804875D5C4E153FE398821C8394 # ilf
| % gpg2 --sign
| gpg: secret key "0xCBB15A68EF3AC804875D5C4E153FE398821C8394 # ilf" not found: Invalid user ID
| gpg: (check argument of option '--default-key')
| gpg: all values passed to '--default-key' ignored


| % grep ^default-key .gnupg/gpg.conf
| default-key 0xCBB15A68EF3AC804875D5C4E153FE398821C8394
| % gpg2 --sign
| gpg: using "0xCBB15A68EF3AC804875D5C4E153FE398821C8394" as default secret key for signing


Über 80 Millionen Deutsche benutzen keine Konsole. Klick dich nicht weg!
		-- Eine Initiative des Bundesamtes für Tastaturbenutzung
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: </pipermail/attachments/20160805/d15f56fe/attachment.sig>

More information about the Gnupg-devel mailing list