From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <zsh-workers-return-42991-mason-zsh=primenet.com.au@zsh.org>
Received: (qmail 22973 invoked by alias); 12 Jun 2018 22:31:38 -0000
Mailing-List: contact zsh-workers-help@zsh.org; run by ezmlm
Precedence: bulk
X-No-Archive: yes
List-Id: Zsh Workers List <zsh-workers.zsh.org>
List-Post: <mailto:zsh-workers@zsh.org>
List-Help: <mailto:zsh-workers-help@zsh.org>
List-Unsubscribe: <mailto:zsh-workers-unsubscribe@zsh.org>
X-Seq: 42991
Received: (qmail 4040 invoked by uid 1010); 12 Jun 2018 22:31:38 -0000
X-Qmail-Scanner-Diagnostics: from mx.spodhuis.org by f.primenet.com.au (envelope-from <zsh-workers+phil.pennock@spodhuis.org>, uid 7791) with qmail-scanner-2.11 
 (clamdscan: 0.99.2/21882. spamassassin: 3.4.1.  
 Clear:RC:0(94.142.241.89):SA:0(-4.2/5.0):. 
 Processed in 7.916084 secs); 12 Jun 2018 22:31:38 -0000
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on f.primenet.com.au
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED,
	SPF_HELO_PASS,SPF_PASS,T_DKIM_INVALID,UNPARSEABLE_RELAY autolearn=ham
	autolearn_force=no version=3.4.1
X-Envelope-From: zsh-workers+phil.pennock@spodhuis.org
X-Qmail-Scanner-Mime-Attachments: |
X-Qmail-Scanner-Zip-Files: |
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=spodhuis.org; s=d201804; h=In-Reply-To:Content-Type:MIME-Version:References
	:Message-ID:Subject:To:From:Date:Sender:Reply-To:Cc:Content-Transfer-Encoding
	:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:
	Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:
	List-Subscribe:List-Post:List-Owner:List-Archive;
	bh=QCMsxjpmicB9teuIsVvvpmB/JVfjcRfZqlRYjkKnPKk=; b=XghzDl3dWt1Egdh4LJSS636yS8
	wB9cPzpTnTzKMMseUprWsG/tPjStMJ1z0wjpCBOw4sFQTtWZ6kLdxM+orG0udi/KyhuzwpUYg6nb+
	xpUIZvHXYz/EO4Ufb00eARnqozBWDzZLUAk3Es87j4ylAxpYMFtiJ0c5r5kSWQzSw57b2Gqu5epGh
	koSJEwyUMRlja16Wn4rklmJjogiGQGdaE6TovOGrYcd8RurnvaVQCGZbYL/VT9BJepzDM7fCRBURB
	5KDAgd5DEpCTkApdb2c+UA9p1cFFVVHaotwdFBmLQzkpJaemjESGzAuZ2TlNX0f1L9Lp0bQV+hqH1
	MaTI9oag==;
DKIM-Signature: v=1; a=ed25519-sha256; q=dns/txt; c=relaxed/relaxed;
	d=spodhuis.org; s=d201804e2; h=In-Reply-To:Content-Type:MIME-Version:
	References:Message-ID:Subject:To:From:Date:Sender:Reply-To:Cc:
	Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:
	Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id:
	List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive;
	 bh=QCMsxjpmicB9teuIsVvvpmB/JVfjcRfZqlRYjkKnPKk=; b=jg/PZRdlBMe762it0RwnTUci7
	vlQz64DGvdpHIlgmAYasTP6GExe+reBGnOqU7MpqVDC/zOvL3hBw8LdWcbkDA==;
Date: Tue, 12 Jun 2018 18:14:11 -0400
From: Phil Pennock <zsh-workers+phil.pennock@spodhuis.org>
To: zsh-workers@zsh.org
Subject: Re: [PATCH] _gpg: Use explicit UIDs for public / secret keys.
Message-ID: <20180612221411.GA20129@osmium.lan>
References: <20180609200940.17041-1-doron.behar@gmail.com>
 <20180609203932.x3s4hbmbl6rtba76@tarpaulin.shahaf.local2>
 <20180612105457.wnuoenlfzapgosmf@NUC.doronbehar.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20180612105457.wnuoenlfzapgosmf@NUC.doronbehar.com>
OpenPGP: url=https://www.security.spodhuis.org/PGP/keys/0x4D1E900E14C1CC04.asc

On 2018-06-12 at 13:54 +0300, Doron Behar wrote:
> To tell you the truth, I have no idea what `fpr` means. I just know, by

Fingerprint.  It's the fullest form of the keyid and probably the best
choice for identifying keys today; within the GnuPG tooling community,
using any of the shorter keyid formats is moving into "frowned upon"
territory.

Unless you need trust information or some of the specific parts of the
userid, using `--fast-list-mode` can have significant wins too.

Doing any form of parsing without `--with-colons` is prone to breaking
depending upon tuning options in the gpg.conf file, so switching is a
good thing.

Matthew's link to
<https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob_plain;f=doc/DETAILS>
is accurate and good guidance.  As is his pointer to check the correct
column numbers.

Beware that recent versions of GnuPG always show fingerprints, for keys
and subkeys, because (per commit message) "The fingerprint should always
be used thus we should always print it."; so you'll get multiple `fpr:`
records per top-level key, although between the `sec` or `pub` top-level
introducer and the `uid:` lines for _that_ key there should just be the
top-level fingerprint.

Note that people can want to explicitly specify a subkey fingerprint,
although if they do, they'll want to follow it with an exclamation mark
to indicate "no really, use this subkey, I'm not just giving you a
pointer to find the top key".

Welcome to the world of GnuPG integration.  You have my sympathy.  But
also my encouragement.  :)

-Phil