Outlines how to refer to GnuPG keys in code using Crypt_GPG.
Crypt_GPG supports referring to a key in several ways.
The most definitive way to refer to a specific key is to use the key's
fingerprint. Key fingerprints are generated by performing a checksum on the
actual content of a key. A fingerprint appears as a string of hexadecimal
characters, sometimes separated by spaces or colons. For example:
F94A F628 5725 7147 0569 F9FF E995 8292 DB15 A2C9
. The
fingerprint of a key can be retrieved using the
Crypt_GPG::getKeys()
and
Crypt_GPG::getFingerprint()
methods. Alternatively, the following command may be used to list keys on
a console:
$
gpg --list-keys --with-fingerprint --with-fingerprint
--with-fingerprint is doubled intentionally.
Keys may also be referenced by the key id. The key id is an eight-octal long
hexadecimal number. The key id can be obtained using
Crypt_GPG::getKeys()
.
Though rare, it is possible to have two keys with the same key id. The key
id may also be obtained using the following command:
$
gpg --list-keys --with-colons
The key id is the fifth colon-separated field. A partial key id may also be used to reference a key. The partial key id is the lower four octals of a full key id and may be obtained using the following command:
$
gpg --list-keys
Lastly, keys may be referenced by all or part of the key's user id. For example, Test User (test key) <test@example.com>, Test User <test@example.com> and test@example.com may all be used to refer to the same key. When there is more than on key in the keyring with the same user id (or partial user id), the first key is used. In these cases, it is important to use a more specific identifier to ensure the correct key is used. In general, unless the keyring contains many keys, the less specific but more convenient form of test@example.com is fine to use.