x488 vs all other : keyid flip

Andrew Gallagher andrewg at andrewg.com
Wed Apr 17 16:57:27 CEST 2024


On 17 Apr 2024, at 15:43, Christian Sommer <code.soma.kurisu at gmail.com> wrote:
> 
> You are right Andrew!
> 
> I indeed choose to preset the "with-fingerprint" option in my
> gpg.conf. By removing it, listing my keys give back the full 64
> character long fingerprint of my X448 key.

Good to hear!

I think the best solution is for gnupg to ignore the `with-fingerprint` configuration option. Modern versions display primary key fingerprints by default anyway, so the alternative display format is both redundant and potentially confusing.

I would be particularly concerned that people with different settings in their gpg.conf would see a mismatch between the 50-character fingerprint on one machine and the 64-character fingerprint on another, and incorrectly infer that something shady was going on. Differences in whitespace formatting are broadly expected (ref: credit card numbers) but truncation is not.

And to pick up on an earlier point, short key IDs should never be displayed or processed under any circumstances. Evil32 was a whole decade ago.

A

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20240417/cdf366d7/attachment.sig>


More information about the Gnupg-users mailing list