[Pkg-gnupg-maint] Bug#769890: caff: Does not show fingerprint for verification when multiple uids are present

Matthijs Kooijman matthijs at stdin.nl
Mon Nov 17 11:08:43 UTC 2014


Package: signing-party
Version: 1.1.11-1
Severity: normal

Hi folks,

I just tried to use the caff package to sign keys. When used with a key
with a single uid, this nicely shows the key fingerprint so it can be
checked before signing:


  [INFO] Sign the following keys according to your policy, then exit gpg with 'save' after signing each key
  gpg --local-user 3798AF15A1565658 --homedir=/home/matthijs/.caff/gnupghome --secret-keyring /home/matthijs/.gnupg/secring.gpg --no-auto-check-trustdb --trust-model=always --edit-key 98E0D178DCB90C1945C50DB1ED0DD3368DE40924 showphoto sign
  gpg (GnuPG) 1.4.18; Copyright (C) 2014 Free Software Foundation, Inc.
  This is free software: you are free to change and redistribute it.
  There is NO WARRANTY, to the extent permitted by law.


  pub  4096R/8DE40924  created: 2011-11-04  expires: never       usage: SC
  sub  4096R/8133EC28  created: 2011-11-04  expires: never       usage: E
  [ unknown] (1). Martijn van Brummelen (25-08-1982) <martijn at brumit.nl>



  pub  4096R/8DE40924  created: 2011-11-04  expires: never       usage: SC
   Primary key fingerprint: 98E0 D178 DCB9 0C19 45C5  0DB1 ED0D D336 8DE4 0924

       Martijn van Brummelen (25-08-1982) <martijn at brumit.nl>

  Are you sure that you want to sign this key with your
  key "Matthijs Kooijman <matthijs at stdin.nl>" (A1565658)

  Really sign? (y/N) y

However, when multiple uids are present, the fingerprint is not shown:

  [INFO] Sign the following keys according to your policy, then exit gpg with 'save' after signing each key
  gpg --local-user 3798AF15A1565658 --homedir=/home/matthijs/.caff/gnupghome --secret-keyring /home/matthijs/.gnupg/secring.gpg --no-auto-check-trustdb --trust-model=always --edit-key 566A0E6BF957F44032BF2DBAF8307A6ED690AC06 showphoto sign
  gpg (GnuPG) 1.4.18; Copyright (C) 2014 Free Software Foundation, Inc.
  This is free software: you are free to change and redistribute it.
  There is NO WARRANTY, to the extent permitted by law.


  pub  4096R/D690AC06  created: 2010-09-18  expires: never       usage: SC
  sub  4096R/721F9133  created: 2010-09-18  expires: never       usage: E
  [ unknown] (1). Jan-Pascal van Best <janpascal at vanbest.org>
  [ unknown] (2)  Jan-Pascal van Best <janpascal at vanbest.eu>


  Really sign all user IDs? (y/N)

After selecting "y" here, it turns out that the fingerprint _is_
actually shown (but I previously didn't want to select y before I
confirmed the fingerprint). So perhaps this is just gnupg being unclear
with its prompts?

So this might be something that needs to be fixed in gnupg, but I'm reporting
it here because perhaps caff just needs to modify its options to gpg (haven't
investigated this yet). I've included the gnupg maintainers in Cc, feel
free to reassign this bug if appropriate.

Gr.

Matthijs

-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.18.0-rc3+ (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages signing-party depends on:
ii  gnupg                      1.4.18-4
ii  libc6                      2.19-11
ii  libclass-methodmaker-perl  2.21-1+b1
ii  libgnupg-interface-perl    0.50-3
ii  libmailtools-perl          2.13-1
ii  libmime-tools-perl         5.505-1
ii  libnet-idn-encode-perl     2.201-1
ii  libterm-readkey-perl       2.32-1+b1
ii  libtext-template-perl      1.46-1
ii  perl                       5.20.1-1
pn  python:any                 <none>
ii  qprint                     1.0.dfsg.2-2

Versions of packages signing-party recommends:
ii  dialog                                     1.2-20140219-1
ii  exim4-daemon-light [mail-transport-agent]  4.84-2
ii  libgd-perl [libgd-gd2-perl]                2.53-1+b1
ii  libpaper-utils                             1.1.24+nmu3
ii  whiptail                                   0.52.17-1

Versions of packages signing-party suggests:
ii  fonts-droid                1:4.4.3r1.1-1
ii  imagemagick                8:6.8.9.6-4
ii  mutt                       1.5.23-1.1
pn  qrencode                   <none>
ii  texlive-font-utils         2014.20140821-1
ii  texlive-latex-recommended  2014.20140821-1
pn  texlive-xetex              <none>
pn  wipe                       <none>

-- no debconf information
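
Added example, not part of the original report and not caff's own code: one way to confirm the primary key fingerprint and see every user ID before answering gpg's "Really sign all user IDs?" prompt, by parsing `gpg --with-colons --fingerprint` output. The function names and the sample listing (not a real key) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `gpg --with-colons --fingerprint KEYID` output
# (not a real key): one primary key, two user IDs, one subkey.
sample_listing() {
    cat <<'EOF'
pub:-:4096:1:89ABCDEF01234567:1284768000:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1284768000::0000000000000000000000000000000000000000::Alice Example <alice@example.org>:
uid:-::::1284768000::1111111111111111111111111111111111111111::Alice Example <alice@example.net>:
sub:-:4096:1:1111222233334444:1284768000::::::e:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:
EOF
}

# Strip whitespace and upper-case hex so "98E0 D178 ..." style input compares equal.
normalize_fpr() { printf '%s' "$1" | tr -d ' \t' | tr 'a-f' 'A-F'; }

# Print the primary key fingerprint: the first fpr record after the pub
# record, ignoring fpr records that belong to subkeys.
primary_fpr() {
    awk -F: '$1 == "pub" { p = 1; next }
             $1 == "sub" { p = 0 }
             p && $1 == "fpr" { print $10; p = 0 }'
}

# Print every user ID. Field 10 of a uid record holds it; older listings
# may also carry the first user ID in field 10 of the pub record.
list_uids() {
    awk -F: '($1 == "uid" || $1 == "pub") && $10 != "" { print $10 }'
}

# check_fpr EXPECTED: read a colon listing on stdin, show what would be
# signed, and return 0 only if the primary fingerprint matches EXPECTED.
check_fpr() {
    listing=$(cat)
    actual=$(printf '%s\n' "$listing" | primary_fpr)
    printf 'Fingerprint: %s\n' "$actual"
    printf '%s\n' "$listing" | list_uids | sed 's/^/User ID:     /'
    [ -n "$actual" ] && [ "$actual" = "$(normalize_fpr "$1")" ]
}

# Real use (assumes caff's keyring location as shown in the report):
#   gpg --homedir ~/.caff/gnupghome --with-colons --fingerprint KEYID \
#       | check_fpr "fingerprint from the key slip" && echo "OK to sign"
```

A subkey fingerprint, or a listing that contains more than one primary key, makes `check_fpr` return non-zero.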


