Duplicity

No support of long key_id or full fingerprint

Bug #1324819 reported by 4dro on 2014-05-30

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	Duplicity	New	Undecided	Unassigned

Bug Description

Tried using the full fingerprint as recommended by gnupg: 'The use of key Ids is just a shortcut, for all automated processing the fingerprint should be used. ' [1] But that failed, same for using the long keyid.

Error: Sign key should be an 8 character hex string, like 'AA0E73D2'.
Error: Received '60DEADBEEF29E89B' instead.

Relying on the short keyid is a bad idea, they can be easily spoofed [2]. Long keyids can also relatively easy collide [3] and they can cause serious side effects. [4] I haven't tested what happens when there are colliding fingerprints.

It'd be nice if we can make use of full fingerprints.

I have tried to look at where the looks of a key are tested but got a bit lost.

[1] https://www.gnupg.org/documentation/manuals/gnupg-devel/Specify-a-User-ID.html
[2] http://www.asheesh.org/note/debian/short-key-ids-are-bad-news
[3] http://thread.gmane.org/gmane.ietf.openpgp/7413
[4] https://www.debian-administration.org/users/dkg/weblog/105

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.