Hi!
With the latest debsig-verify I switched one of its gpg uses away from
«--list-packets» to «--with-colons --show-keys». But the remaining one
I cannot stop using as I do not know of a publicly supported interface
to inspect a (detached) signature to get its issuer fingerprint or keyid.
Given that using «--list-packets» is very strongly discouraged from other
tools, it would be nice if there was a replacement for that use, so that
I can move away from it.
Thanks,
Guillem
Hi!
You can do this:
  gpg --verify --status-fd 1 x.asc /dev/null 2>/dev/null \
    | awk '$1=="[GNUPG:]" && $2=="BADSIG" { print $3}'
which greps for
  [GNUPG:] BADSIG 19CC1C9E085B107A wk@gnupg.org
This shows the keyid but not the newer fingerprint. Adding something
for the fingerprint would be easy, but it takes some time before it will
be widely enough deployed.
Salam-Shalom,
Werner
Hi!
Hmm, this feels like a hack though, as I don't really want to verify
it at that point, only fetch metadata from it, it would be nice to have
the equivalent of --show-keys for signatures. But I guess it fulfills
the "officially supported interface" part. For debsig-verify at least
I would not mind at all requiring a recent enough GnuPG, as long as
I'd be able to use a nicer interface. :)
But, thanks, for now I think I could instead switch to do something
like:
  gpg --no-options --no-default-keyring --keyring /dev/null \
      --status-fd 1 --verify x.asc /dev/null 2>/dev/null \
    | awk '$1=="[GNUPG:]" && $2=="ERRSIG" \
           { if ($9 == "-") { print $3 } else { print $9 } }'
As that should be guaranteed regardless of keyring contents.
Thanks,
Guillem
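
Added example, not part of the thread or of debsig-verify: a shell helper (hypothetical name `sig_issuer`) that generalizes the two awk filters above to the ERRSIG, BADSIG and VALIDSIG status lines, so an issuer is reported whether or not the key is in the keyring. Field positions are assumed from GnuPG's documented status-line format, the sample lines are constructed, and the printed value is only the issuer the signature claims.

```sh
#!/bin/sh
# Added example (not from the thread): sig_issuer is a hypothetical helper.
# It reads GnuPG --status-fd lines on stdin and prints "fpr <hex>" or
# "keyid <hex>" for each signature, preferring the fingerprint.
sig_issuer() {
    awk '
    # A 16-hex-digit value is a long key ID; anything longer is a fingerprint.
    function kind(s) { return (length(s) == 16) ? "keyid" : "fpr" }
    $1 != "[GNUPG:]" { next }
    # ERRSIG: key missing or unusable. Field 9 is the issuer fingerprint,
    # "-" when the signature has none; treat an absent field the same way.
    $2 == "ERRSIG" {
        if (NF >= 9 && $9 != "-") print "fpr", $9
        else print kind($3), $3
        next
    }
    # VALIDSIG: key is in the keyring; field 3 is the signing key fingerprint.
    $2 == "VALIDSIG" { print "fpr", $3; next }
    # BADSIG: no VALIDSIG follows, so report whatever identifier it carries.
    $2 == "BADSIG" { print kind($3), $3; next }
    '
}

# Constructed status output: unknown key, signature without issuer fingerprint.
sample_no_fpr='[GNUPG:] NEWSIG
[GNUPG:] ERRSIG 19CC1C9E085B107A 1 10 00 1700000000 9 -
[GNUPG:] NO_PUBKEY 19CC1C9E085B107A'

# Constructed status output: unknown key, fingerprint present (made-up value).
sample_fpr='[GNUPG:] NEWSIG
[GNUPG:] ERRSIG 89ABCDEF01234567 22 10 00 1700000000 9 0123456789ABCDEF0123456789ABCDEF01234567'

printf '%s\n' "$sample_no_fpr" | sig_issuer
printf '%s\n' "$sample_fpr"    | sig_issuer
```

To use it on a real file, pipe the output of the `gpg ... --status-fd 1 --verify x.asc /dev/null` command from the message above into `sig_issuer`.
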
You might also be interested in the following Debian packages, which
offer different subcommands with generalized OpenPGP inspection:
  rpacket: rpacket dump
  pgpdump: pgpdump
  sq: sq packet dump
Hope this is useful,