John Andersen wrote:

On 09/10/2015 01:22 PM, Bjoern Voigt wrote:

...

...

...

I found an interesting KGPG problem. Could someone confirm this?

I use KPG version 2.14.1 (openSUSE 13.2 default):

> kgpg --version Qt: 4.8.6 KDE: 4.14.9 KGpg: 2.14.1

> cat /etc/os-release NAME=openSUSE VERSION="13.2 (Harlequin)" VERSION_ID="13.2" PRETTY_NAME="openSUSE 13.2 (Harlequin) (x86_64)"

The fingerprint of security@suse.de in gpg2:

> gpg2 --edit-key 58FC58B1317CD502 gpg (GnuPG) 2.0.26; Copyright (C) 2013 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law.

gpg: enabled debug flags: memstat

pub 4096R/0x58FC58B1317CD502 created: 2014-10-02 expires: never usage: SC trust: marginal validity: full sub 4096R/0x457446950DE80E03 created: 2014-10-02 expires: never usage: E [ full ] (1). SUSE Security Team

gpg> fpr pub 4096R/0x58FC58B1317CD502 2014-10-02 SUSE Security Team

Primary key fingerprint: E502 243D F6B7 E939 EA1B 4A0E 58FC 58B1 317C D502

The same fingerprint in KGPG:

Key properties: SUSE Security Team Key ID: 58FC58B1317CD502 Comment: none Creation: 02.10.2014 Expiration: Unlimited Trust: Full Owner trust: Marginally Algorithm: RSA/RSA Length: 4096/4096 Capabilities Signature, Encryption, Certification

Fingerprint

C2FE 18E6 D4A7 021A 787C B734 4574 4695 0DE8 0E03

Greetings, Björn

-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

-----Ursprüngliche Nachricht Ende----- Sorry I do not get it. Where do you see a problem? The first key is the one probably in a safe place, the public key was exported, then a subkey for signing was generated probably on a smartcard, , kgpg then reports for what I see here the subkey. The fingerprint of the subkey is reported in short form

Kgpg states

C2FE 18E6 D4A7 021A 787C B734 4574 4695 0DE8 0E03 sub 4096R / 0x 4574 4695 0DE8 0E03

So, where do you see a problem here? Seems all right to me. The problem is that KGPG shows some kind of fingerprint, maybe the fingerprint of a subkey like you wrote.

But I need fingerprints to verify the correct transmission of public keys.

The correct fingerprint of the SUSE Security Team is (see https://en.opensuse.org/openSUSE:Security_team):

pub 4096R/317CD502 2014-10-02 Key fingerprint = E502 243D F6B7 E939 EA1B 4A0E 58FC 58B1 317C D502 uid [ full ] SUSE Security Team <security@suse.de> sub 4096R/0DE80E03 2014-10-02

My gpg2 command line tools shows this fingerprint, but KGPG shows something else (C2FE 18E6 D4A7 021A 787C B734 4574 4695 0DE8 0E03).

I'd like to verify that other users also see a wrong fingerprint in KGPG before filing a bug report.

Greetings, Björn

What (exactly) was your kgpg command line? kpgp starts automatically on my KDE desktop. "ps" shows

bjoernv 3103 0.0 0.0 565596 8328 ? S 08:59 0:01 kdeinit4: kglobalaccel [kdeinit] bjoernv 3285 0.0 0.0 701816 10836 ? Sl 08:59 0:07 /usr/bin/kget -session 10153faa1ee000141518136900000037380038_1441836163_895700 The GnuPG Setting in Settings -> Configure KGpg -> GnuPG Settings are: Home location: /home/bjoernv/.gnupg/ Configuration file: gpg.conf Program path: gpg2 [v] Use GnuPG agent Greetings, Björn -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

John Andersen wrote:

On 09/10/2015 02:09 PM, Bjoern Voigt wrote:

...

John Andersen wrote:

...

On 09/10/2015 01:22 PM, Bjoern Voigt wrote:

...

...

...

I found an interesting KGPG problem. Could someone confirm this?

I use KPG version 2.14.1 (openSUSE 13.2 default):

> kgpg --version Qt: 4.8.6 KDE: 4.14.9 KGpg: 2.14.1

> cat /etc/os-release NAME=openSUSE VERSION="13.2 (Harlequin)" VERSION_ID="13.2" PRETTY_NAME="openSUSE 13.2 (Harlequin) (x86_64)"

The fingerprint of security@suse.de in gpg2:

> gpg2 --edit-key 58FC58B1317CD502 gpg (GnuPG) 2.0.26; Copyright (C) 2013 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law.

gpg: enabled debug flags: memstat

pub 4096R/0x58FC58B1317CD502 created: 2014-10-02 expires: never usage: SC trust: marginal validity: full sub 4096R/0x457446950DE80E03 created: 2014-10-02 expires: never usage: E [ full ] (1). SUSE Security Team

gpg> fpr pub 4096R/0x58FC58B1317CD502 2014-10-02 SUSE Security Team

Primary key fingerprint: E502 243D F6B7 E939 EA1B 4A0E 58FC 58B1 317C D502

The same fingerprint in KGPG:

Key properties: SUSE Security Team Key ID: 58FC58B1317CD502 Comment: none Creation: 02.10.2014 Expiration: Unlimited Trust: Full Owner trust: Marginally Algorithm: RSA/RSA Length: 4096/4096 Capabilities Signature, Encryption, Certification

Fingerprint

C2FE 18E6 D4A7 021A 787C B734 4574 4695 0DE8 0E03

Greetings, Björn

-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

-----Ursprüngliche Nachricht Ende----- Sorry I do not get it. Where do you see a problem? The first key is the one probably in a safe place, the public key was exported, then a subkey for signing was generated probably on a smartcard, , kgpg then reports for what I see here the subkey. The fingerprint of the subkey is reported in short form

Kgpg states

C2FE 18E6 D4A7 021A 787C B734 4574 4695 0DE8 0E03 sub 4096R / 0x 4574 4695 0DE8 0E03

So, where do you see a problem here? Seems all right to me. The problem is that KGPG shows some kind of fingerprint, maybe the fingerprint of a subkey like you wrote.

But I need fingerprints to verify the correct transmission of public keys.

The correct fingerprint of the SUSE Security Team is (see https://en.opensuse.org/openSUSE:Security_team):

pub 4096R/317CD502 2014-10-02 Key fingerprint = E502 243D F6B7 E939 EA1B 4A0E 58FC 58B1 317C D502 uid [ full ] SUSE Security Team <security@suse.de> sub 4096R/0DE80E03 2014-10-02

My gpg2 command line tools shows this fingerprint, but KGPG shows something else (C2FE 18E6 D4A7 021A 787C B734 4574 4695 0DE8 0E03).

I'd like to verify that other users also see a wrong fingerprint in KGPG before filing a bug report.

Greetings, Björn

What (exactly) was your kgpg command line? kpgp starts automatically on my KDE desktop. "ps" shows

bjoernv 3103 0.0 0.0 565596 8328 ? S 08:59 0:01 kdeinit4: kglobalaccel [kdeinit] bjoernv 3285 0.0 0.0 701816 10836 ? Sl 08:59 0:07 /usr/bin/kget -session 10153faa1ee000141518136900000037380038_1441836163_895700

The GnuPG Setting in Settings -> Configure KGpg -> GnuPG Settings are:

Home location: /home/bjoernv/.gnupg/ Configuration file: gpg.conf Program path: gpg2 [v] Use GnuPG agent

Greetings, Björn

Well, I was really asking where you got the output of KGpg that you wanted us to confirm for you. After digging around:

in the KGpg window, which I found residing in the KDE4 Tray And selecting the Security Team entry that has an email address of security@suse.com, avoiding the entry with security@suse.de, Then right clicking and selecting Key Properties, I finally find output similar to the output you show above, but which you never explained how to get to.

When I do all those steps I see key Id 58FC58B1317CD502 ... Fingerprint E502 243D F6B7 E939 EA1B 4A0E 58FC 58B1 317C D502 Ok, see attached screenshot. You see, that I selected security@suse.de with Key ID 58FC58B1317CD502 (like you).

I get a different fingerprint in KGPG. Your Fingerprint is correct. Greetings, Björn

John, On 09/11/2015 07:28 PM, John Andersen wrote: < attachment > Set font hinting to slight ;-). -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org