gpg show key warning - gpg: WARNING: no command supplied. Trying to guess what you mean ...

Development
1

This worked well in gpg version that came with Debian stretch. gpg version that comes with Debian buster invented another confusing useless warning.

gpg --keyid-format long --with-fingerprint patrick.asc
gpg: WARNING: no command supplied. Trying to guess what you mean …
pub rsa4096/8D66066A2EEACCDA 2014-01-16 [SC] [expires: 2021-04-17]
Key fingerprint = 916B 8D99 C38E AF5E 8ADC 7A2A 8D66 066A 2EEA CCDA
uid Patrick Schleizer adrelanos@riseup.net
sub rsa4096/3B1E6942CE998547 2014-01-16 [E] [expires: 2021-04-17]
sub rsa4096/10FDAC53119B3FD6 2014-01-16 [A] [expires: 2021-04-17]
sub rsa4096/CB8D50BB77BB3C48 2014-01-16 [S] [expires: 2021-04-17]

Now showing this warning:

gpg --keyid-format long --import --import-options show-only --with-fingerprint patrick.asc

But that syntax is weird. Super long command for such a simple thing “show me the fingerprint of the key inside that file”.

Context:

Also context:

For Whonix repository, adding Whonix signing key to apt-get there is no alternative to using gpg since gpg alternatives are unsupported by apt-get.

2

To hide any unwanted error messages, you can use

gpg --keyid-format long --with-fingerprint patrick.asc 2>/dev/null
3

Wouldn’t recommend. That could hide some warnings (in case of malicious
file) that we want the user to see.

4

If there was a malicious file, wouldn’t it just print out the key fingerprint and not give any warning? Gpg has no way of knowing if the fingerprint is correct or not so it wouldn’t give an error.

1 Like
5

There are many ways for a file to be malicious or broken. One way would
be a different key. Other ways multiple keys. Or incomplete file.
Extraneous characters, extra long lines or weird gpg package formats.
Depending on what’s wrong, gpg will show a different warning. gpg is so
complex with so much different possible outputs, I don’t think it’s a
good idea to discard all warnings blanket.

1 Like