On 09/10/2015 01:22 PM, Bjoern Voigt wrote:
I found an interesting KGPG problem. Could someone confirm this?
I use KPG version 2.14.1 (openSUSE 13.2 default):
> kgpg --version Qt: 4.8.6 KDE: 4.14.9 KGpg: 2.14.1
> cat /etc/os-release NAME=openSUSE VERSION="13.2 (Harlequin)" VERSION_ID="13.2" PRETTY_NAME="openSUSE 13.2 (Harlequin) (x86_64)"
The fingerprint of security@suse.de in gpg2:
> gpg2 --edit-key 58FC58B1317CD502 gpg (GnuPG) 2.0.26; Copyright (C) 2013 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law.
gpg: enabled debug flags: memstat
pub 4096R/0x58FC58B1317CD502 created: 2014-10-02 expires: never usage: SC trust: marginal validity: full sub 4096R/0x457446950DE80E03 created: 2014-10-02 expires: never usage: E [ full ] (1). SUSE Security Team
gpg> fpr pub 4096R/0x58FC58B1317CD502 2014-10-02 SUSE Security Team
Primary key fingerprint: E502 243D F6B7 E939 EA1B 4A0E 58FC 58B1 317C D502
The same fingerprint in KGPG:
Key properties: SUSE Security Team Key ID: 58FC58B1317CD502 Comment: none Creation: 02.10.2014 Expiration: Unlimited Trust: Full Owner trust: Marginally Algorithm: RSA/RSA Length: 4096/4096 Capabilities Signature, Encryption, Certification
Fingerprint
C2FE 18E6 D4A7 021A 787C B734 4574 4695 0DE8 0E03
Greetings, Björn
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-----Ursprüngliche Nachricht Ende----- Sorry I do not get it. Where do you see a problem? The first key is the one probably in a safe place, the public key was exported, then a subkey for signing was generated probably on a smartcard, , kgpg then reports for what I see here the subkey. The fingerprint of the subkey is reported in short form
Kgpg states
C2FE 18E6 D4A7 021A 787C B734 4574 4695 0DE8 0E03 sub 4096R / 0x 4574 4695 0DE8 0E03
So, where do you see a problem here? Seems all right to me. The problem is that KGPG shows some kind of fingerprint, maybe the fingerprint of a subkey like you wrote.
But I need fingerprints to verify the correct transmission of public keys.
The correct fingerprint of the SUSE Security Team is (see https://en.opensuse.org/openSUSE:Security_team):
pub 4096R/317CD502 2014-10-02 Key fingerprint = E502 243D F6B7 E939 EA1B 4A0E 58FC 58B1 317C D502 uid [ full ] SUSE Security Team <security@suse.de> sub 4096R/0DE80E03 2014-10-02
My gpg2 command line tools shows this fingerprint, but KGPG shows something else (C2FE 18E6 D4A7 021A 787C B734 4574 4695 0DE8 0E03).
I'd like to verify that other users also see a wrong fingerprint in KGPG before filing a bug report.
Greetings, Björn
What (exactly) was your kgpg command line? -- After all is said and done, more is said than done. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org