fingerprint of key

Daniel Kahn Gillmor dkg at fifthhorseman.net
Mon Aug 14 23:05:38 CEST 2017


On Mon 2017-08-14 15:09:22 -0400, Todd Zullinger wrote:
>     $ gpg --with-fingerprint /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-25-primary
>     pub  4096R/FDB19C98 2016-03-31 Fedora 25 Primary (25) <fedora-25-primary at fedoraproject.org>
>           Key fingerprint = C437 DCCD 558A 66A3 7D6F  4372 4089 D8F2 FDB1 9C98
>
>     $ gpg2 --with-fingerprint /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-25-primary
>     pub   rsa4096 2016-03-31 [SCE]
>           C437 DCCD 558A 66A3 7D6F  4372 4089 D8F2 FDB1 9C98
>     uid           Fedora 25 Primary (25) <fedora-25-primary at fedoraproject.org>

the trouble with these two invocations of gpg is that they offer no
command.  Each invocation of GnuPG is supposed to include exactly one
command and zero or more options.  As the gpg(1) manpage says:

    gpg [--homedir dir] [--options file] [options] command [args]

--with-fingerprint is a GnuPG option, not a command.  When you give gpg
no command, you're basically saying "hey, gpg, do whatever you think is
reasonable."

more recent versions of gpg will complain:

    gpg: WARNING: no command supplied.  Trying to guess what you mean ...

Please see https://dev.gnupg.org/T2943 for more discussion of this
situation and why it is problematic.

> Also, both 2.1.13 on fedora 25 and 2.1.22 on fedora rawhide, the 
> command above complains about the show-only option:
>
>     $ gpg2 --version
>     gpg (GnuPG) 2.1.22
>
>     $ gpg2 --with-fingerprint --import-options show-only --import < /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-25-primary
>     gpg: unknown option 'show-only'
>     gpg: invalid import options
>
> Is there a typo in that command or is show-only not in the latest 
> release of the 2.1 branch?

the latest release of the 2.1 branch is 2.1.23.  show-only was added in
2.1.23.

        --dkg



More information about the Gnupg-users mailing list