gpg fingerprint command obsolete

gpg fingerprint command updated yet again. The info on the wiki is no longer accurate. This should work:

gpg -n --import --import-options import-show i2p-pubkey.asc

https://lists.gnupg.org/pipermail/gnupg-users/2017-July/058597.html


A search and replace should make updating the wiki easier if confirmed to be safe.

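An added example, not part of any post in this thread: a shell check that compares the primary-key fingerprint in a `gpg --with-colons` listing against a pinned value before the key is trusted. The function names and the sample listing (including its fingerprints) are constructed for illustration.

```shell
#!/bin/sh
# Intended use (file name from the post above; EXPECTED_FINGERPRINT is a placeholder):
#   gpg --with-colons -n --import --import-options import-show i2p-pubkey.asc \
#       | check_key_listing "EXPECTED_FINGERPRINT"

# Constructed sample of colon-format output: one primary key with one subkey.
SAMPLE_LISTING='pub:-:4096:1:89ABCDEF01234567:1500000000:::-:::scESC::::::23::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1500000000::::Example Repo <repo@example.invalid>::::::::::0:
sub:-:4096:1:76543210FEDCBA98:1500000000::::::e::::::23:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:'

# Print the fingerprint of every primary key in a colon listing read from stdin.
# Only the "fpr" record that directly belongs to a "pub" record counts;
# subkey fingerprints are skipped because they do not identify the key.
primary_fprs() {
    awk -F: '
        $1 == "pub" { want = 1; next }
        $1 == "sub" || $1 == "sec" || $1 == "ssb" { want = 0; next }
        $1 == "fpr" && want { print $10; want = 0 }
    '
}

# Succeed only if stdin lists exactly one primary key and its fingerprint
# equals the expected one (spaces and letter case in the argument are ignored).
check_key_listing() {
    expected=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    found=$(primary_fprs)
    count=$(printf '%s\n' "$found" | awk 'NF { n++ } END { print n + 0 }')
    if [ "$count" -ne 1 ]; then
        echo "refusing: expected 1 primary key, found $count" >&2
        return 1
    fi
    if [ "$found" != "$expected" ]; then
        echo "refusing: fingerprint mismatch, file has $found" >&2
        return 1
    fi
    echo "fingerprint OK: $found"
}
```

Rejecting files that contain more than one primary key keeps an extra, unreviewed key from riding along with the expected one.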

? That is for mass search and replace.

Has to be used with great care since it can mess up a lot which can perhaps only be fixed with a database restoration from an unbroken revision (which then loses all other changes since last backup). Has a preview though before it actually changes things.

I doubt we are using the i2p gpg fingerprint on any other pages than on the i2p page?

A normal search shows the old fingerprint only on the i2p page. If we were to reuse the fingerprint (or verification instructions) on multiple pages, we’d create a wiki template so still only one place has to be updated.


Yes, unfortunately it’s used in many places and not made into a template. Off the top of my head - Tox, YaCy, Freenet use this too. Can you please ask TorJunkie to templatize the generic part of these commands so it doesn’t become a time consuming task in the future?


We now have a nice command that at least works on stretch.

sudo apt-key --keyring /etc/apt/trusted.gpg.d/whonix.gpg adv --keyserver hkp://ipv4.pool.sks-keyservers.net:80 --recv-keys 916B8D99C38EAF5E8ADC7A2A8D66066A2EEACCDA

No conversion from asc to keybox to gpg file or anything needed. Solid fingerprint check. No need to add to user’s personal gpg folder first. Goes right into /etc/apt/trusted.gpg.d/ drop-in folder, therefore easily disabled later if so desired.

Doesn’t work in Qubes-Whonix TemplateVMs though. ( gpg fails in debian-9 based TemplateVM through Qubes UpdatesProxy - gpg: keyserver receive failed: No keyserver available · Issue #4291 · QubesOS/qubes-issues · GitHub )

Used here:


Template created:

Usage example:

{{apt-key
|filename=/etc/apt/trusted.gpg.d/whonix.gpg
|fingerprint=916B8D99C38EAF5E8ADC7A2A8D66066A2EEACCDA
}}

https://www.whonix.org/wiki/Template:Whonix-APT-Repository-Add

Wohoo! Nice find. Trying to think of all the pages that used the older instructions. Any idea what a good search term they all share is?

Not sure but even a search for gpg doesn’t show unmanageably many? I guess gpg would catch them all. I don’t think there are that many of those.

I created a second template that’s supposed to use the default onion keyserver so it omits the clearnet server argument.

Here’s the example revamp for I2P repo but it doesn’t work for some reason. Any pointers?

sudo apt-key --keyring /etc/apt/trusted.gpg.d/i2p.gpg --recv-keys 7840E7610F28B904753549D767ECE5605BCF1346


--keyserver hkp://ipv4.pool.sks-keyservers.net:80 is not optional. Required. Alternative unknown. Some obscure gpg bug.


Template:Apt-key-onion - Whonix just now fixed. Working at the moment.

Repeat, at the moment. gpg having more and more strange connectivity issues.

no dirmngr.log created after previous command ‘KS_GET’ failed: Operation not permitted
https://dev.gnupg.org/T4153

command ‘KS_GET’ failed: Operation not permitted
https://dev.gnupg.org/T4152


They said this is not a bug.

Firewall issue? (according to the ticket)

Is the thread’s original issue (gpg fingerprint command obsolete) still an open issue?


http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Kicksecure/Debian#cite_note-4

According to this, yes. If no, then that footnote should be fixed.


Footnote removed.

This issue in this forum thread is superseded by this:
gpg --recv-keys fails / no longer use keyservers for anything - #8 by Patrick
