Fingerprint of the subkey just created?

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu Apr 4 22:56:50 CEST 2013


On 04/04/2013 04:19 PM, Peter Lebbing wrote:
> On 04/04/13 18:01, Jack Bates wrote:
>> How can I get the fingerprint or key id of the subkey I just created?
> 
> A subkey doesn't really have a fingerprint, AFAIK. You use fingerprints to
> identify/verify a key as a whole, which means the primary key.

the fingerprint of a subkey is actually well-defined.  I don't know the
answer to Jack's original question, but you can find the specification
for subkey fingerprints in RFC 4880:

   https://tools.ietf.org/html/rfc4880#section-12.2

>>    Finally, the Key ID and fingerprint of a subkey are calculated in the
>>    same way as for a primary key, including the 0x99 as the first octet
>>    (even though this is not a valid packet ID for a public subkey).



Jack, gpg will emit the fingerprints for the subkeys if you supply the
--fingerprint argument twice.  So you might try parsing the output of:

 gpg --list-keys --with-colons --fingerprint --fingerprint
--fixed-list-mode $PGPID

the lines that start with sub: indicate the subkey (and include creation
timestamps in field 6), and the lines immediately following them that
start with fpr: contain the full fingerprint in column 10. If you just
keep track of the most recent creation timestamp and remember its
fingerprint you could find the most recent subkey.

It's probably 2 or 3 lines of awk if you're into that kind of stuff :)

hth,

	--dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1027 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20130404/60e29d46/attachment.sig>


More information about the Gnupg-users mailing list