Fingerprint of the subkey just created?
Peter Lebbing
peter at digitalbrains.com
Thu Apr 4 22:19:04 CEST 2013
On 04/04/13 18:01, Jack Bates wrote:
> How can I get the fingerprint or key id of the subkey I just created?
A subkey doesn't really have a fingerprint, AFAIK. You use fingerprints to
identify/verify a key as a whole, which means the primary key.
I tried the following:
$ gpg2 --status-fd 0 --edit-key <keyid>
And indeed I get a whole lot more data, but not a key id. It ends in
[GNUPG:] KEY_CREATED S
However, I then tried again with:
$ gpg2 --verbose --verbose --status-fd 0 --edit-key <keyid>
Which was... very verbose, and included:
gpg: writing key binding signature
gpg: RSA/SHA1 signature from: "<primary key ID and UID where here>"
gpg: RSA/SHA1 signature from: "D8AB7B20 [?]"
gpg: writing key binding signature
gpg: RSA/SHA1 signature from: "<primary key ID and UID where here>"
gpg: RSA/SHA1 signature from: "D8AB7B20 [?]"
I did this with a test key which I used for a spam experiment, and I don't want
to crosspolenate that experiment, so I removed identifiers. But the "D8AB7B20
[?]" was the short keyid for the subkey.
This is for a signing subkey. If I repeat it for an encryption subkey, the key
binding signature is unidirectional, since an encryption subkey can't make a key
binding signature. So this method only works for signing subkeys. I don't have
reason to believe you need the --status-fd, and you could check if one --verbose
(or the short form) is enough. I just made supersure I had a lot of output :).
HTH,
Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
More information about the Gnupg-users
mailing list