From 9c57de75cf36cfcf408eda1b59a0362a061517ce Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Tue, 4 Aug 2020 11:03:49 +0200 Subject: [PATCH] sm: Also show the SHA-256 fingerprint. * sm/keylist.c (list_cert_colon): Emit a new "fp2" record. (list_cert_raw): Print the SHA2 fingerprint. (list_cert_std): Ditto. -- Signed-off-by: Werner Koch Backported-from-master: e7d70923901eeb6a2c26445aee9db7e78f6f7f3a Here in 2.2 we keep the string "fingerprint:" and do not change it to "sha1 fpr" as we did in master (2.3). --- doc/DETAILS | 5 +++-- sm/keylist.c | 12 ++++++++++++ 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/doc/DETAILS b/doc/DETAILS index acca24215..eee8589d4 100644 --- a/doc/DETAILS +++ b/doc/DETAILS @@ -61,6 +61,7 @@ described here. - rev :: Revocation signature - rvs :: Recocation signature (standalone) [since 2.2.9] - fpr :: Fingerprint (fingerprint is in field 10) + - fp2 :: SHA-256 fingerprint (fingerprint is in field 10) - pkd :: Public key data [*] - grp :: Keygrip - rvk :: Revocation key @@ -168,8 +169,8 @@ described here. (the colon is quoted =\x3a=). For a "pub" record this field is not used on --fixed-list-mode. A UAT record puts the attribute subpacket count here, a space, and then the total attribute - subpacket size. In gpgsm the issuer name comes here. A FPR - record stores the fingerprint here. The fingerprint of a + subpacket size. In gpgsm the issuer name comes here. The FPR and FP2 + records store the fingerprints here. The fingerprint of a revocation key is stored here. *** Field 11 - Signature class diff --git a/sm/keylist.c b/sm/keylist.c index 8c7fafc28..e0b681f3d 100644 --- a/sm/keylist.c +++ b/sm/keylist.c 
@@ -559,6 +559,10 @@ list_cert_colon (ctrl_t ctrl, ksba_cert_t cert, unsigned int validity, es_putc ('\n', fp); xfree (fpr); fpr = NULL; chain_id = NULL; xfree (chain_id_buffer); chain_id_buffer = NULL; + /* SHA256 FPR record */ + fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA256); + es_fprintf (fp, "fp2:::::::::%s::::\n", fpr); + xfree (fpr); fpr = NULL; /* Always print the keygrip. */ if ( (p = gpgsm_get_keygrip_hexstring (cert))) @@ -773,6 +777,10 @@ list_cert_raw (ctrl_t ctrl, KEYDB_HANDLE hd, es_putc ('\n', fp); } + dn = gpgsm_get_fingerprint_string (cert, GCRY_MD_SHA256); + es_fprintf (fp, " sha2_fpr: %s\n", dn?dn:"error"); + xfree (dn); + dn = gpgsm_get_fingerprint_string (cert, 0); es_fprintf (fp, " sha1_fpr: %s\n", dn?dn:"error"); xfree (dn); @@ -1295,6 +1303,10 @@ list_cert_std (ctrl_t ctrl, ksba_cert_t cert, estream_t fp, int have_secret, es_fprintf (fp, " fingerprint: %s\n", dn?dn:"error"); xfree (dn); + dn = gpgsm_get_fingerprint_string (cert, GCRY_MD_SHA256); + es_fprintf (fp, " sha2 fpr: %s\n", dn?dn:"error"); + xfree (dn); + if (opt.with_keygrip) { dn = gpgsm_get_keygrip_hexstring (cert);
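Review bot: The new fp2 record in list_cert_colon hands the result of gpgsm_get_fingerprint_hexstring straight to `%s` with no NULL guard, whereas the two text-mode hunks of this patch wrap their (different) helper's result in `dn?dn:"error"`. The helper's definition is outside this diff, so whether it can return NULL is not visible here; if it can, guard the record with `if (fpr) es_fprintf (fp, "fp2:::::::::%s::::\n", fpr);` so that a machine consumer never reads a placeholder where it expects a certificate fingerprint. If the helper cannot fail, a one-line comment saying so next to `/* SHA256 FPR record */` would settle the question for the next reader. list_cert_colon's body starts and ends outside the hunk.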
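Review bot: The label `sha2_fpr` added in list_cert_raw (and `sha2 fpr` in the list_cert_std hunk) names a hash family, while the value printed is specifically the GCRY_MD_SHA256 digest; doc/DETAILS in this same patch calls it "SHA-256 fingerprint". Anyone comparing the printed value with a fingerprint obtained out of band needs to know the exact algorithm. If the label text has to stay as it is for existing consumers of this output, record the mapping with a comment above the call, for example `/* The "sha2" label always denotes the SHA-256 digest.  */`. list_cert_raw's body starts and ends outside the hunk.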
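Review bot: In list_cert_std the unlabelled `fingerprint:` line now sits directly above the new `sha2 fpr:` line, and nothing in the code states which digest the first one carries. The commit message indicates it is the SHA-1 value kept under its old name in 2.2, so a comment at that spot such as `/* "fingerprint:" is the SHA-1 value; the label is kept for 2.2 compatibility.  */` would keep a later reader from treating the two lines as interchangeable when verifying a certificate. list_cert_std's body starts and ends outside the hunk.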