Next: Trust Values, Previous: Invoking SCDAEMON, Up: Top [Contents][Index]
There are different ways to specify a user ID to GnuPG. Some of them
are only valid for gpg
others are only good for
gpgsm
. Here is the entire list of ways to specify a key:
0x
prefix. The key Id of an X.509 certificate are the low 64 bits
of its SHA-1 fingerprint. The use of key Ids is just a shortcut, for
all automated processing the fingerprint should be used.
When using gpg
an exclamation mark (!) may be appended to
force using the specified primary or secondary key and not to try and
calculate which primary or secondary key to use.
The last four lines of the example give the key ID in their long form as internally used by the OpenPGP protocol. You can see the long key ID using the option --with-colons.
234567C4 0F34E556E 01347A56A 0xAB123456 234AABBCC34567C4 0F323456784E56EAB 01AB3FED1347A5612 0x234AABBCC34567C4 |
0x
prefix. Note, that only the 20 byte version fingerprint
is available with gpgsm
(i.e. the SHA-1 hash of the
certificate).
When using gpg
an exclamation mark (!) may be appended to
force using the specified primary or secondary key and not to try and
calculate which primary or secondary key to use.
The best way to specify a key Id is by using the fingerprint. This avoids any ambiguities in case that there are duplicated key IDs.
1234343434343434C434343434343434 123434343434343C3434343434343734349A3434 0E12343434343434343434EAB3484343434343434 0xE12343434343434343434EAB3484343434343434 |
gpgsm
also accepts colons between each pair of hexadecimal
digits because this is the de-facto standard on how to present X.509
fingerprints. gpg
also allows the use of the space
separated SHA-1 fingerprint as printed by the key listing commands.
=Heinrich Heine <heinrichh@uni-duesseldorf.de> |
<heinrichh@uni-duesseldorf.de> |
@
.
This uses a substring search but considers only the mail address
(i.e. inside the angle brackets).
@heinrichh |
gpgsm --list-keys
because that one has been reordered and modified
for better readability; use --with-colons to print the raw
(but standard escaped) RFC-2253 string.
/CN=Heinrich Heine,O=Poets,L=Paris,C=FR |
#/CN=Root Cert,O=Poets,L=Paris,C=FR |
#4F03/CN=Root Cert,O=Poets,L=Paris,C=FR |
gpgsm
prints the keygrip when using the command
--dump-cert.
&D75F22C3F86E355877348498CDC92BD21010A480 |
Heine *Heine |
Please note that we have reused the hash mark identifier which was used in old GnuPG versions to indicate the so called local-id. It is not anymore used and there should be no conflict when used with X.509 stuff.
Using the RFC-2253 format of DNs has the drawback that it is not possible to map them back to the original encoding, however we don’t have to do this because our key database stores this encoding as meta data.
Next: Trust Values, Previous: Invoking SCDAEMON, Up: Top [Contents][Index]