#9778 [Noggin] GPG keys should be listed by full fingerprints or the 16-char suffix
Closed: Upstream 3 years ago by kevin. Opened 3 years ago by salimma.

Describe what you would like us to do:


In the previous FAS, I upload the text of my GPG key. After the migration to Noggin, only the fingerprint is displayed (but I can have 3 of them). This is presumably by design so instead of hosting the public keys, people who need GPG keys would look them up elsewhere and verify the fingerprint?

One issue: the field for fingerprint only takes 16 characters, but modern fingerprints are longer, e.g.: for my current key
5DCE2E7E9C3B1CFFD335C1D78B229D2F7CCC04F2

This shows up in Noggin as 5DCE2E7E9C3B1CFF

In this case I think if we only keep 16 characters, we should keep the last 16 characters, not the first 16 characters.

My current key is hosted with WKD so it's a bad example, but here's an example with my expired old key that is in the keyservers. Note that searching by a 16-character fingerprint prefix fails but searching by a 16-character suffix works

~
❯ gpg --search EA5DC40D88BD97AA2EA5A84C4EA1777DAA582584
gpg: data source: https://hkps.pool.sks-keyservers.net:443
(1) Michel Alexandre Salim (personal) michel@michel-slm.name
Michel Alexandre Salim (fedora) salimma@fedoraproject.org
4096 bit RSA key 4EA1777DAA582584, created: 2017-02-09, expires: 2018-02-09 (expired)
Keys 1-1 of 1 for "EA5DC40D88BD97AA2EA5A84C4EA1777DAA582584". Enter number(s), N)ext, or Q)uit > q
gpg: error searching keyserver: Operation cancelled
gpg: keyserver search failed: Operation cancelled

~ took 4s
❯ gpg --search EA5DC40D88BD97AA
gpg: data source: https://hkps.pool.sks-keyservers.net:443
gpg: key "EA5DC40D88BD97AA" not found on keyserver
gpg: keyserver search failed: Not found

~ took 3s
❯ gpg --search 4EA1777DAA582584
gpg: data source: https://hkps.pool.sks-keyservers.net:443
(1) Michel Alexandre Salim (personal) michel@michel-slm.name
Michel Alexandre Salim (fedora) salimma@fedoraproject.org
4096 bit RSA key 4EA1777DAA582584, created: 2017-02-09, expires: 2018-02-09 (expired)
Keys 1-1 of 1 for "4EA1777DAA582584". Enter number(s), N)ext, or Q)uit >
gpg: signal 2 caught ... exiting

When do you need this to be done by? (YYYY/MM/DD)


2021/04/30


This sounds like something that should be worked on upstream. Could you open a ticket at: https://github.com/fedora-infra/noggin/issues ?

Also:

When do you need this to be done by? (YYYY/MM/DD)
2021/04/30

Is there a specific deadline to meet at the end of April?

I remember that I configured the full fingerprint in the old FAS but now it only shows the prefix so it seems the migration truncated the information from FAS.

@pingou no specific deadline, it's just a field I had to fill so I picked something reasonably far away. I'll file upstream.

Many thanks. Lets track this there now. :)

Metadata Update from @kevin:
- Issue close_status updated to: Upstream
- Issue status updated to: Closed (was: Open)

3 years ago

Login to comment on this ticket.

Metadata