Referring to Keys

Referring to Keys -- outlines how to refer to GPG keys in code using Crypt_GPG

Fingerprint

Crypt_GPG supports referring to a key in several ways. The most definitive way to refer to a specific key is to use the key's fingerprint. Key fingerprints are generated by performing a checksum on the actual content of a key. A fingerprint appears as a string of hex characters that may sometimes be separated by spaces or colons. For example: F94A F628 5725 7147 0569 F9FF E995 8292 DB15 A2C9. The fingerprint of a key can be retrieved using the Crypt_GPG::getKeys() and Crypt_GPG::getFingerprint() methods. Alternatively, the following command may be used to list keys on a console:

$ gpg --list-keys --with-fingerprint --with-fingerprint

注意 --with-fingerprint is doubled intentionally.

Key ID

Keys may also be referenced by the key id. The key id is an eight-octal long hexidecimal number. The key id can be obtained using Crypt_GPG::getKeys(). Though rare, it is possible to have two keys with the same key id. The key id may also be obtained using the following command:

$ gpg --list-keys --with-colons

The key id is the fifth colon-separated field. A partial key id may also be used to reference a key. The partial key id is the lower four octals of a full key id and may be obtained using the following command:

$ gpg --list-keys

User ID

Lastly, keys may be referenced by all or part of the key's user id. For example, Test User (test key) <test@example.com>, Test User <test@example.com> and test@example.com may all be used to refer to the same key. When there is more than on key in the keyring with the same user id (or partial user id), the first key is used. In these cases, it is important to use a more specific identifier to ensure the correct key is used. In general, unless the keyring contains many keys, the less specific but more convenient form of test@example.com is fine to use.