Page MenuHome GnuPG
Create Task
Maniphest T4855

The trusted-key option requires a long key ID and won't take a fingerprint
Closed, ResolvedPublic
Actions

Description

I am using gpg (GnuPG) 2.2.19 / libgcrypt 1.8.5 on Debian Testing (11) and trying to use trusted-key 69FF455A869F9031A691E0F199392F62BAE30723 in my gpg.conf as I am in understanding that long key IDs are also at collision risk and I should use fingerprints everywhere where it's possible.

However that makes all commands error

gpg: '69FF455A869F9031A691E0F199392F62BAE30723' is not a valid long keyID

and while the manual says that the option takes a long key ID, I think it should also accept a fingerprint which is also the impression I got on #gnupg on freenode.

Details

Version
2.2.19

Revisions and Commits

rG GnuPG
rGb6d89d1944c5 gpg: Update --trusted-key to accept fingerprint as well as long key id.
rG4287f89557b3 gpg: Also allow a v5 fingerprint for --trusted-key.
rG810ea2cc6844 gpg: Update --trusted-key to accept fingerprint as well as long key id.
rGad55de709305 gpg: Update --trusted-key to accept fingerprint as well as long key id.

Related Objects

Event Timeline

Mikaela created this task.Feb 26 2020, 11:55 AM
dkg added a subscriber: dkg.Feb 26 2020, 7:13 PM

I've just pushed ad55de70930543c1681b11e4bd624be074122b23 onto branch dkg/fix-4855 as a proposed fix, to permit --trusted-key to accept a full 20-byte fingerprint.

Internally, the keys are still identified by their 8-byte long key ID, but addressing that would be a much larger fix across the whole project.

dkg added a commit: rGad55de709305: gpg: Update --trusted-key to accept fingerprint as well as long key id..Feb 26 2020, 7:14 PM
werner triaged this task as Normal priority.Feb 27 2020, 10:14 AM
werner edited projects, added Feature Request, gnupg (gpg22); removed Bug Report.
werner added a subscriber: werner.

Internally only the long key id is is used thus the fingerprint might give a wrong impression. OTOH, to allow easy migration to future versions, extracting the keyid from the fingerprint is a good idea.

werner added a commit: rG810ea2cc6844: gpg: Update --trusted-key to accept fingerprint as well as long key id..Mar 18 2020, 1:58 PM
werner added a commit: rG4287f89557b3: gpg: Also allow a v5 fingerprint for --trusted-key..
werner added a commit: rGb6d89d1944c5: gpg: Update --trusted-key to accept fingerprint as well as long key id..Mar 18 2020, 2:02 PM
werner closed this task as Resolved.Mar 18 2020, 2:04 PM
werner claimed this task.

Thanks. I applied your patch to 2.2 and master. I had to do a minor fix because the function does not return anything. Also extended on master with another patch for v5 keys.

werner mentioned this in T4860: Release GnuPG 2.2.20 .Mar 20 2020, 5:56 PM