|
From: | Kenneth Loafman |
Subject: | Re: [Duplicity-talk] Sign-key verification with long fingerprints |
Date: | Mon, 21 Nov 2016 10:29:38 -0600 |
The thing is, GPG knows how to figure out what key one is referring to when given different things, such as email, first 20 characters of fingerprint, all 40 characters of fingerprint, etc, but Duplicity doesn'tDuplicity should probably consult GPG on the full fingerprint of the key being used to encrypt before it saves it, so that way if someone passes in a different (but still valid according to GPG) identifier for the key, we won't get these errorsExample of how GPG could be called by duplicity to get the full 40 character fingerprint given different identifiers passed in by the user (see the 'fpr' line)with email:[2016-11-17 15:42:07] address@hidden:~$ gpg2 --list-secret-keys --fingerprint --with-colons address@hiddensec::4096:1:C7DC9D26A1C7DFB9:1459373464::::::scESC:::: fpr:::::::::BB93C97A6D5BD11F4469A0F6C7DC9D 26A1C7DFB9: uid:::::1459373464::4B52287E61873F1175B997D6DD5684 840430C5C4::Aurelion Sol (Hope. Wonder. Insignificance. Imagine what they'll feel when I complete the stars.) <address@hidden>: uat:::::1459374102::175AADA90BE77BC78BD607F8011CFB 34AD2F7A14::1 11228: ssb::4096:1:AFC816A06E475087:1459373464::::::e:::: ssb::3072:17:2B5AE45A43093539:1459374008::::::s:::: ssb::4096:16:1BAC9BA4BF4D887D:1459374080::::::e:::: ssb::2048:1:AED498799F693180:1459374094::::::e:::: first 20 characters of fingerprint:[2016-11-17 15:42:17] address@hidden:~$ gpg2 --list-secret-keys --fingerprint --with-colons C7DC9D26A1C7DFB9sec::4096:1:C7DC9D26A1C7DFB9:1459373464::::::scESC:::: fpr:::::::::BB93C97A6D5BD11F4469A0F6C7DC9D 26A1C7DFB9: uid:::::1459373464::4B52287E61873F1175B997D6DD5684 840430C5C4::Aurelion Sol (Hope. Wonder. Insignificance. Imagine what they'll feel when I complete the stars.) <address@hidden>: uat:::::1459374102::175AADA90BE77BC78BD607F8011CFB 34AD2F7A14::1 11228: ssb::4096:1:AFC816A06E475087:1459373464::::::e:::: ssb::3072:17:2B5AE45A43093539:1459374008::::::s:::: ssb::4096:16:1BAC9BA4BF4D887D:1459374080::::::e:::: ssb::2048:1:AED498799F693180:1459374094::::::e:::: full 40 characters of fingerprint:[2016-11-17 15:44:07] address@hidden:~$ gpg2 --list-secret-keys --fingerprint --with-colons BB93C97A6D5BD11F4469A0F6C7DC9D26A1C7DFB9 sec::4096:1:C7DC9D26A1C7DFB9:1459373464::::::scESC:::: fpr:::::::::BB93C97A6D5BD11F4469A0F6C7DC9D 26A1C7DFB9: uid:::::1459373464::4B52287E61873F1175B997D6DD5684 840430C5C4::Aurelion Sol (Hope. Wonder. Insignificance. Imagine what they'll feel when I complete the stars.) <address@hidden>: uat:::::1459374102::175AADA90BE77BC78BD607F8011CFB 34AD2F7A14::1 11228: ssb::4096:1:AFC816A06E475087:1459373464::::::e:::: ssb::3072:17:2B5AE45A43093539:1459374008::::::s:::: ssb::4096:16:1BAC9BA4BF4D887D:1459374080::::::e:::: ssb::2048:1:AED498799F693180:1459374094::::::e:::: ~MarkOn Nov 17, 2016, at 11:25, Richard McGraw via Duplicity-talk <address@hidden> wrote:Hello,
I tried to verify a backup signed with --sign-key <40-digit-hex-string>
duplicity responds with:
Volume was signed by key 349A3434, not
123434343434343C3434343434343734349A3434
Does it imply that signature verification was skipped ? If yes, it
looks like a bug.
--
Richard
_______________________________________________
Duplicity-talk mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/duplicity- talk
_______________________________________________
Duplicity-talk mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/duplicity- talk
[Prev in Thread] | Current Thread | [Next in Thread] |