Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. GnuPG>
  3. users
Best way to get fingerprint programatically
johndoe65534 at mail
Dec 17, 2019, 11:19 PM
Post #1 of 7 (649 views)
Permalink
Hi,

I'm using the following command to get the fingerprint to quickly change
the expiration date on a key.

$ gpg --quick-set-expire $(gpg --with-colons -k test | awk -F:::::::::
'NR==3{print substr($2,1,length($2)-1)}') 1d


I'm just wondering if there isn't a better, programatically, way to go
about it?

In other words, why '--quick-set-expire' requires a fingerprint and does
not accept a <USER-ID>.


Any input is welcome.

--
John Doe

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Best way to get fingerprint programatically [ In reply to ]
andrewg at andrewg
Dec 18, 2019, 1:20 AM
Post #2 of 7 (649 views)
Permalink
On 18/12/2019 07:19, john doe wrote:
> $ gpg --quick-set-expire $(gpg --with-colons -k test | awk -F:::::::::
> 'NR==3{print substr($2,1,length($2)-1)}') 1d
>
> I'm just wondering if there isn't a better, programatically, way to go
> about it?
Your awk looks awkward to me. What about this instead?

awk -F: '/^fpr/ {print $10}'

--
Andrew Gallagher

Attached Files:

Re: Best way to get fingerprint programatically [ In reply to ]
gnupg-users at gnupg
Dec 18, 2019, 1:32 AM
Post #3 of 7 (649 views)
Permalink
On Wed, 18 Dec 2019 08:19, john doe said:

> In other words, why '--quick-set-expire' requires a fingerprint and does
> not accept a <USER-ID>.

Only the fingerprint is a unique identifier for the keyblock (aka
certificate, public key). Allowing a User-id would require extra code
in gpg and by the caller to either ask back or to fail if there is an
ambiguity.

The -F:::::: is an interesting hack but Andrew's or my variant works
with all AWK implementations:

awk -F: '$1=="fpr" {print $10}' | head -1


Salam-Shalom,

Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

Attached Files:

Re: Best way to get fingerprint programatically [ In reply to ]
andrewg at andrewg
Dec 18, 2019, 1:56 AM
Post #4 of 7 (649 views)
Permalink
On 18/12/2019 09:32, Werner Koch via Gnupg-users wrote:
> The -F:::::: is an interesting hack but Andrew's or my variant works
> with all AWK implementations:
>
> awk -F: '$1=="fpr" {print $10}' | head -1

Aha, I forgot about handling multiple results. Note that you don't need
head if you're already using awk:

awk -F: '$1=="fpr" {print $10; exit}'

:-D

--
Andrew Gallagher

Attached Files:

Re: Best way to get fingerprint programatically [ In reply to ]
johndoe65534 at mail
Dec 18, 2019, 2:51 AM
Post #5 of 7 (645 views)
Permalink
On 12/18/2019 10:56 AM, Andrew Gallagher wrote:
> On 18/12/2019 09:32, Werner Koch via Gnupg-users wrote:
>> The -F:::::: is an interesting hack but Andrew's or my variant works
>> with all AWK implementations:
>>
>> awk -F: '$1=="fpr" {print $10}' | head -1
>
> Aha, I forgot about handling multiple results. Note that you don't need
> head if you're already using awk:
>
> awk -F: '$1=="fpr" {print $10; exit}'
>

Thanks to both of you, I'll go with the awk version, that way, I can
avoid unneeded pipe redirection! :)


By any chance, could something like the following be implemented?:

$ gpg -K --print-fingerprint-only test


Which would only print the fingerprint to avoid the awk redirection
altogether.

--
John Doe

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Best way to get fingerprint programatically [ In reply to ]
gnupg-users at gnupg
Dec 18, 2019, 4:02 AM
Post #6 of 7 (645 views)
Permalink
On 12/18/19 10:56 , Andrew Gallagher wrote:
> On 18/12/2019 09:32, Werner Koch via Gnupg-users wrote:
>> The -F:::::: is an interesting hack but Andrew's or my variant works
>> with all AWK implementations:
>>
>> awk -F: '$1=="fpr" {print $10}' | head -1
> Aha, I forgot about handling multiple results. Note that you don't need
> head if you're already using awk:
>
> awk -F: '$1=="fpr" {print $10; exit}'
>
> :-D

This was really interesting. Thanks for that tip (all of you). :)
Updated a key the other day, in a more manual way.

What about updating sub-keys…

$ gpg --with-colons -k 0xlongid | awk -F: '$1=="fpr" {print $10}'
0123…
4567…
8901…
2345…

Any convenient way to automate that, or can I just loop it? …something like:

$ for k in $(gpg --with-colons -k 0xlongid | awk -F: '$1=="fpr" {print $10}'); do \
> gpg --quick-set-expire ${k} <time>; done


· Eric
Re: Best way to get fingerprint programatically [ In reply to ]
gnupg-users at gnupg
Dec 19, 2019, 12:47 AM
Post #7 of 7 (645 views)
Permalink
On Wed, 18 Dec 2019 11:51, john doe said:
> By any chance, could something like the following be implemented?:
>
> $ gpg -K --print-fingerprint-only test

I doubt that this helps because the only way to get a single result is
to use the fingerprint for <test>. Thus a second info item would be
required to show the user-id matching the fingerprint - et voila we are
back to --with-colon listing parsing.


Shalom-Salam,

Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

Attached Files:

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal