The trusted-key option requires a long key ID and won't take a fingerprint
Closed, Resolved | Public

Description

I am using gpg (GnuPG) 2.2.19 / libgcrypt 1.8.5 on Debian Testing (11) and trying to use trusted-key 69FF455A869F9031A691E0F199392F62BAE30723 in my gpg.conf, as it is my understanding that long key IDs are also at risk of collision and that I should use fingerprints wherever possible.

However, that makes all commands error:

gpg: '69FF455A869F9031A691E0F199392F62BAE30723' is not a valid long keyID

While the manual says that the option takes a long key ID, I think it should also accept a fingerprint, which is also the impression I got on #gnupg on freenode.

Mikaela created this task. Feb 26 2020, 11:55 AM
dkg added a subscriber: dkg. Feb 26 2020, 7:13 PM

I've just pushed ad55de70930543c1681b11e4bd624be074122b23 onto branch dkg/fix-4855 as a proposed fix, to permit --trusted-key to accept a full 20-byte fingerprint.

Internally, the keys are still identified by their 8-byte long key ID, but addressing that would be a much larger fix across the whole project.

werner triaged this task as Normal priority.
werner added a subscriber: werner.

Internally, only the long key ID is used, thus the fingerprint might give a wrong impression. OTOH, to allow easy migration to future versions, extracting the keyid from the fingerprint is a good idea.

werner closed this task as Resolved. Wed, Mar 18, 2:04 PM
werner claimed this task.

Thanks. I applied your patch to 2.2 and master. I had to do a minor fix because the function does not return anything. Also extended on master with another patch for v5 keys.
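
An added illustration of the behaviour discussed in this task, not the patch on dkg/fix-4855 and not GnuPG's own code: a trusted-key value given as a fingerprint is reduced to its 8-byte key ID, so two different fingerprints with the same key ID name the same trust entry. The function names are hypothetical, the second fingerprint is constructed, and the v5 rule (key ID is the leading 8 bytes of a 32-byte fingerprint) is an assumption about the v5 format rather than something stated on this page.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not a GnuPG function). Accepts a 16-hex-digit long
 * key ID, a 40-hex-digit v4 fingerprint or a 64-hex-digit v5 fingerprint.
 * Other lengths are rejected in this sketch.
 * Returns 0 and stores the 64-bit key ID, or -1 on invalid input. */
int trusted_key_to_keyid(const char *arg, uint64_t *keyid)
{
    size_t len = strlen(arg), i, start;
    uint64_t id = 0;

    for (i = 0; i < len; i++)
        if (!isxdigit((unsigned char)arg[i]))
            return -1;
    if (len == 16 || len == 40)
        start = len - 16;   /* v4: key ID is the trailing 8 bytes */
    else if (len == 64)
        start = 0;          /* v5 (assumption): key ID is the leading 8 bytes */
    else
        return -1;

    for (i = start; i < start + 16; i++) {
        int c = tolower((unsigned char)arg[i]);
        id = (id << 4) | (uint64_t)(c <= '9' ? c - '0' : c - 'a' + 10);
    }
    *keyid = id;
    return 0;
}

/* 1 if both values map to the same key ID, 0 if not, -1 on parse error. */
int same_trust_entry(const char *a, const char *b)
{
    uint64_t ka, kb;
    if (trusted_key_to_keyid(a, &ka) || trusted_key_to_keyid(b, &kb))
        return -1;
    return ka == kb;
}

int main(void)
{
    const char *fpr = "69FF455A869F9031A691E0F199392F62BAE30723"; /* from the report */
    const char *other = "00000000" "00000000" "00000000" "99392F62BAE30723"; /* constructed */
    uint64_t id;
    if (trusted_key_to_keyid(fpr, &id) == 0)
        printf("key ID: %016llX\n", (unsigned long long)id);
    printf("same trust entry: %d\n", same_trust_entry(fpr, other));
    return 0;
}
```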