fingerprint of key

Daniel Kahn Gillmor dkg at fifthhorseman.net
Mon Aug 14 17:14:45 CEST 2017


On Mon 2017-08-14 03:32:08 -0300, Duane Whitty wrote:
> I was recently trying to compare the fingerprint of a key I downloaded
> to its online stated value.  I thought I should be able to accomplish
> my goal with "gpg --fingerprint public-key-file.asc".  Gpg returned
> "gpg: error reading key: No public key"

"gpg --fingerprint" displays the fingerprint of a key that is already in
the user's keyring.

you'll need to "gpg --import public-key-file.asc" first, and then ask
for its fingerprint, especially with older versions of gnupg.

If you really want to isolate the imported key, you can use an ephemeral
GNUPGHOME directory, like so:

    export GNUPGHOME=$(mktemp -d)
    gpg --import < public-key-file.asc
    gpg --fingerprint
    rm -rf $GNUPGHOME

with more modern versions of gnupg, you can just use:

    gpg --with-fingerprint --import-options show-only --import < public-key-file.asc

hth,

        --dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: </pipermail/attachments/20170814/9cd1debf/attachment.sig>


More information about the Gnupg-users mailing list