security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-03 22:56:33 +02:00
Code Activity

gpg: Extend the "sig" record in --list-mode.

Browse source 
* g10/getkey.c (get_user_id_string): Add arg R_NOUID.  Change call
callers.
(get_user_id): Add arg R_NOUID.  Change call callers.
* g10/mainproc.c (issuer_fpr_string): Make global.
* g10/keylist.c (list_keyblock_colon): Print a '?' for a missing key
also in --list-mode.  Print the "issuer fpr" field also if there is an
issuer fingerprint subpacket.
--

Scripts used to rely on the "User ID not found" string even in the
--with-colons listing.  However, that is not a good idea because that
string is subject to translations etc.  Now we have an explicit way of
telling that a key is missing.  For example:

  gpg --list-sigs --with-colons | \
    awk -F: '$1=="sig" && $2=="?" {if($13){print $13}else{print $5}}'

Prints all keyids or fingerprint of signing keys for which we do not
have the key in our local keyring.

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2018-04-12 17:53:17 +02:00
parent 23a714598c
commit 69c3e7acb7
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
10 changed files with 55 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

17
doc/DETAILS
View file

@ -105,6 +105,19 @@ described here.
certificate (i.e. for the trust anchor) and an 'f' for all other
valid certificates.
In "sig" records, this field may have one of these values as first
character:
- ! :: Signature is good.
- - :: Signature is bad.
- ? :: No public key to verify signature or public key is not usable.
- % :: Other error verifying a signature
More values may be added later. The field may also be empty if
gpg has been invoked in a non-checking mode (--list-sigs) or in a
fast checking mode. Since 2.2.7 '?' will also be printed by the
command --list-sigs if the key is not in the local keyring.
*** Field 3 - Key length
The length of key in bits.
@ -195,9 +208,11 @@ described here.
gpg's --edit-key menu does.
For "sig" records, this is the fingerprint of the key that issued
the signature. Note that this is only filled in if the signature
the signature. Note that this may only be filled if the signature
verified correctly. Note also that for various technical reasons,
this fingerprint is only available if --no-sig-cache is used.
Since 2.2.7 this field will also be set if the key is missing but
the signature carries an issuer fingerprint as meta data.
*** Field 14 - Flag field