At the moment, I'm trying to check the fingerprint of the oracle_vbox.asc key that I downloaded from : they provide the key and the fingerprint but no instructions for reviewing this information myself.

How do I show the fingerprint of the key I just downloaded?

apt-key finger oracle_vbox.asc shows the fingerprints of all trusted keys, which isn't what I want.

0

4 Answers

Get the key:

$ wget 

Print the key fingerprint with GPG version 1:

$ gpg --with-fingerprint oracle_vbox.asc pub 1024D/98AB5139 2010-05-18 Oracle Corporation (VirtualBox archive signing key) <> Key fingerprint = 7B0F AB3A 13B9 0743 5925 D9C9 5442 2A4B 98AB 5139 sub 2048g/281DDC4B 2010-05-18 Key fingerprint = 27B0 97CF 8257 4209 C434 8D42 B674 8A65 281D DC4B 

Note that the 2nd fingeprint is just the fingerprint of the sub-key.

Print the fingerprint with GPG version 2:

$ gpg2 -n -q --import --import-options import-show oracle_vbox.asc pub dsa1024 2010-05-18 [SC] 7B0FAB3A13B907435925D9C954422A4B98AB5139 uid Oracle Corporation (VirtualBox archive signing key) <> sub elg2048 2010-05-18 [E] 

Note that -n is an alias for --dry-run, i.e. the key isn't actually imported.

Alternatively, to just display the fingerprints:

$ gpg2 -nq --import --import-options import-show --with-colons oracle_vbox.asc \ | awk -F: '$1 == "fpr" { print $10 }' 7B0FAB3A13B907435925D9C954422A4B98AB5139 27B097CF82574209C4348D42B6748A65281DDC4B 
9

Step 1

$ deb artful contrib

Step 2

$ wget -q -O- | sudo apt-key add -

Step 3

$ apt-key list 

or, equivalently,

$ apt-key finger 

which should return

/etc/apt/trusted.gpg -------------------- pub rsa4096 2016-04-22 [SC] B9F8 D658 297A F3EF C18D 5CDF A2F6 83C5 2980 AECF uid [ unknown] Oracle Corporation (VirtualBox archive signing key) <> sub rsa4096 2016-04-22 [E] 

which in turn should be equivalent to

The key fingerprint for oracle_vbox_2016.asc is

B9F8 D658 297A F3EF C18D 5CDF A2F6 83C5 2980 AECF Oracle Corporation (VirtualBox archive signing key) <> 

on , either by visual inspection or further command line fu.


Related links:

1

This works with GPG 2 (at least I could check it with versions 2.1.18 and 2.2.12):

wget gpg_home=$(mktemp -d) gpg --homedir "$gpg_home" --import oracle_vbox.asc # gpg: keybox '/tmp/tmp.CHoWuJBy7N/pubring.kbx' created # gpg: /tmp/tmp.CHoWuJBy7N/trustdb.gpg: trustdb created # gpg: key 54422A4B98AB5139: public key "Oracle Corporation (VirtualBox archive signing key) <>" imported # gpg: Total number processed: 1 # gpg: imported: 1 gpg --homedir "$gpg_home" --list-keys # /tmp/tmp.CHoWuJBy7N/pubring.kbx # ------------------------------- # pub dsa1024 2010-05-18 [SC] # 7B0FAB3A13B907435925D9C954422A4B98AB5139 # uid [ unknown] Oracle Corporation (VirtualBox archive signing key) <> # sub elg2048 2010-05-18 [E] # 

Source:

You have both the key and the fingerprint? Run:

ssh-keygen -lf key.pub 

against the key to get the fingerprint.

ssh-keygen reference:

5

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password

Post as a guest

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy