fingerprint of key

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Aug 15 01:50:04 CEST 2017


On Mon 2017-08-14 19:03:19 -0300, Duane Whitty wrote:
> I did not and still do not want to import the oracle_vbox public key
> into my key ring.  I am happy to download it and check it each time.

I think this is an interesting choice, but I don't understand why you've
made it.  Can you say more about why you don't want to import the key,
and why you prefer to fetch it each time?

> Before I go down the road on offering an opinion on how the man page
> should be "fixed" (maybe it's not really broken) can you explain why
> it would be bad to let gpg generate and display the fingerprint of a
> key in an ascii armoured file?

I'm not saying it's "bad" -- it's just not what --fingerprint does.

       --fingerprint
              List all keys (or the specified ones) along with  their  finger‐
              prints.  This  is  the  same  output as --list-keys but with the
              additional output of a line with the fingerprint.  May  also  be
              combined  with --list-signatures or --check-signatures.  If this
              command is given twice, the fingerprints of all  secondary  keys
              are  listed  too.   This  command also forces pretty printing of
              fingerprints if the keyid format has been set to "none".

So it's like --list-keys, which says:

       --list-keys
       -k
       --list-public-keys
              List the specified keys.  If no keys  are  specified,  then  all
              keys from the configured public keyrings are listed.


in other words (or maybe it's not as explicitly stated as it should be),
"list all the keys in your keyring that match the specification".  This
command is not intended for listing fingerprints of keys that come in on
stdin, or of an external file.

That said, you could combine it with:

    --no-default-keyring --keyring /path/to/file.gpg

(as long as the file wasn't ascii-armored, and as long as you weren't
concerned about updating your trustdb by accident, etc).

Again, I'm not saying this is particularly user-friendly, I'm just
trying to help you understand the current state of the tool.

If you have specific suggestions for how to improve the tool, please
suggest them!

        --dkg
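
The workaround described in the message above, as an added example that is not part of the original post: it dearmors the key file first and points `--keyring` at the result. The function names and the throwaway `--homedir` (used so that any trustdb is created in a scratch directory rather than in `~/.gnupg`) are assumptions of this example.

```shell
#!/bin/sh
# Added example: print a key file's primary fingerprint without importing it.
# Function names and the throwaway --homedir are assumptions of this example.

key_fingerprint() {
    keyfile=$1
    [ -r "$keyfile" ] || { echo "cannot read: $keyfile" >&2; return 2; }

    # Scratch GnuPG home: any trustdb.gpg gpg creates lands here, not in ~/.gnupg.
    scratch=$(mktemp -d) || return 2
    chmod 700 "$scratch"

    # --keyring needs binary OpenPGP data, so strip ASCII armor first if present.
    if grep -q -e '-----BEGIN PGP PUBLIC KEY BLOCK-----' "$keyfile"; then
        gpg --homedir "$scratch" --batch --dearmor < "$keyfile" > "$scratch/key.gpg"
    else
        cp "$keyfile" "$scratch/key.gpg"
    fi

    # Treat the file as the only keyring. In --with-colons output the
    # fingerprint is field 10 of each "fpr" record, and the first record
    # belongs to the primary key.
    fpr=$(gpg --homedir "$scratch" --batch --no-default-keyring \
              --keyring "$scratch/key.gpg" --with-colons --fingerprint 2>/dev/null |
          awk -F: '$1 == "fpr" { print $10; exit }')

    rm -rf "$scratch"
    [ -n "$fpr" ] || { echo "no key found in: $keyfile" >&2; return 1; }
    printf '%s\n' "$fpr"
}

# fingerprint_matches FILE EXPECTED
# EXPECTED may contain spaces and lowercase hex digits.
fingerprint_matches() {
    want=$(printf '%s' "$2" | tr -d ' ' | tr 'a-f' 'A-F')
    got=$(key_fingerprint "$1") || return $?
    [ "$got" = "$want" ]
}
```

Call it as `fingerprint_matches downloaded-key.asc "<fingerprint obtained separately>"`, where both arguments are placeholders; the exit status is 0 only when the two fingerprints agree.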
