GPG (v. 1.4.12) is not user-friendly
kristian.fiskerstrand at sumptuouscapital.com
Thu Jan 1 22:48:28 CET 2015
-----BEGIN PGP SIGNED MESSAGE-----
On 01/01/2015 05:59 AM, Kelly Dean wrote:
> Ryan Sawhill wrote:
>> I disagree with your subject, and propose that you google for a
>> tutorial since the man page clearly didn't work for you.
> The man page did work for me, and I was able to accomplish my
> Now I'm afraid you'll just ask, ‟why not just import it?”, even
> though that misses the point. The answer is: I don't want it on my
> keyring, if it's the wrong key.
At this point I would just like to point out that nobody should rely
on the existence of a key in the keyring for security. After a proper
key validation the key should be signed, either locally or as an
exportable signature to form part of the WoT. As such the existence of
the key on the keyring really does not pose any issue (maybe except
> Getting the fingerprint should not require importing the key.
> Getting the fingerprint should not require writing to any file at
> all. It should only require reading.
Just looking at the file in question the fingerprint is not stored
along with the data, but you can get the long keyid using
$ gpg --list-packets Tmp/kf.asc
:public key packet:
version 4, algo 1, created 1197735934, expires 0
For the fingerprint the key will have to be parsed and the fingerprint
calculated. This doesn't have to be done in the primary user keyring
however, but you can easily use a temporary keyring - see "--keyring file"
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
"Action is the foundational key to all success"
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
More information about the Gnupg-users