GPG (v. 1.4.12) is not user-friendly

Kristian Fiskerstrand kristian.fiskerstrand at sumptuouscapital.com
Thu Jan 1 22:48:28 CET 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 01/01/2015 05:59 AM, Kelly Dean wrote:
> Ryan Sawhill wrote:
>> I disagree with your subject, and propose that you google for a 
>> tutorial since the man page clearly didn't work for you.
> 
> The man page did work for me, and I was able to accomplish my 
> goal.
> 


...

> 
> Now I'm afraid you'll just ask, ‟why not just import it?”, even 
> though that misses the point. The answer is: I don't want it on my
>  keyring, if it's the wrong key.

At this point I would just like to point out that nobody should rely
on the existence of a key in the keyring for security. After a proper
key validation the key should be signed, either locally or as an
exportable signature to form part of the WoT. As such the existence of
the key on the keyring really does not pose any issue (maybe except
for aesthetically)

> 
> Getting the fingerprint should not require importing the key. 
> Getting the fingerprint should not require writing to any file at 
> all. It should only require reading.

Just looking at the file in question the fingerprint is not stored
along with the data, but you can get the long keyid using

$ gpg --list-packets Tmp/kf.asc
...
:public key packet:
        version 4, algo 1, created 1197735934, expires 0
...
        keyid: 0B7F8B60E3EDFAE3

For the fingerprint the key will have to be parsed and the fingerprint
calculated. This doesn't have to be done in the primary user keyring
however, but you can easily use a temporary keyring - see "--keyring file"

- -- 
- ----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- ----------------------------
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- ----------------------------
"Action is the foundational key to all success"
(Pablo Picasso)
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJUpcCrAAoJEPw7F94F4TaghTEQAKX1odInTX1bewigLfrhTX7t
inVyTS7oxdA/AsiRayx3jo2lj+tGoe+eYcRphhPmeclQ5hk8pL8bgpRrjJWfpuwL
GIRj1Pr7Z6ArnxdotrVlNQ9pl28K/RlcXE4Ogoq9cfaAvoMfY6TGU5T7gqO7vywN
gyGFTE0C+ol4qf3PzlSUmIojn1KFsgzJhufHAKCD6Oi0EVrbk1JtfbKe4zqwB2Iy
AhMHVX7cExUn3JlXeEzBwmeMBtsZvLjfb2OCWu0ULlSO/yXDd09jbPdscoVH3iPs
zZBpTIN4efprvd9HahqDLqRGTpUCAvTRGotSlA9suynavRZPCvFs7J7gpXam/o2b
Q1di1OJSCff+Hoax0RXH80eHzzlyVRwNMnogPtayw6OStKET5AggC+quN38SNV20
A23LFvx7b/IN5ZYC3mcdVWR4oMPrS+OPdIF2WDY82CmCS0Djk5CrzgXVfYF4MsdG
7aol0QIkEIAkhJR+5SwqgjMd4mXrX5WWdPbsiCeWuIPWdmOdF0y2I7agSnljZpIT
dSQSNS2wIbTXFaqkxeMHXk2NIlTjQUMWNmTiHa9BWJLACQoHqwI/YAAMzF2OjoS9
7svQiHgULozxrC3U9dtlN/abqQDlnmK4Pze2WwRRSABrjz5l1D3bUBAMugjpyQ/E
3zO33S9H/AcsWKYpEXfx
=YG2W
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list