How to check fingerprint without importing?

Penelope Fudd kernel at pkts.ca
Wed Jul 6 02:40:54 CEST 2005


Hi..

I've got a pair of closely related problems, and I'm confident that
someone with the answer is on this list.

===
The first problem is:

  I'm installing rpm files on my snazzy new Fooble-Bar '05 (tm) Linux
system, and it complains that I don't have the GPG key installed for a
given rpm file, so it can't check the signature.  It says I need the GPG
key with the fingerprint 'aabbccddeeff'.

  On this system, there are about three dozen GPG key files that can be
loaded into my rpm database, and I'm pretty sure that one of them is the
right one, but I don't want to load them all.

  How do I find which GPG key file is the right one?
===

The second (hypothetical) problem is:

  I've just received a GPG key file from an anonymous source, stripped
of all plaintext.  According to what I've read, I need to import the key
file before I can display anything about it, but I really don't want to
do that, for fear of 'discovering' a new security exploit.  (I'm sure
none of us here can say there are no bugs in any given program, owing to
the fact that God doesn't use mailing lists AFAIK.)

  How do I print out details of GPG key files (fingerprints, owner, etc)
without importing them?

===

Thanks!
-- 
Penelope Fudd <kernel at pkts.ca>
(A non-subscriber to this mailing list since... the dawn of time!)




More information about the Gnupg-users mailing list