During work with RPM packages I frequently need to validate signatures against available GPG keys.

Using

rpm -qip --nosignature <package.rpm> | grep Signature

gives me a Key ID, e.g.:

Signature   : RSA/SHA1, Mon 28. Aug 2019 06:00:00 AM CET, Key ID 1234567890abcdef

whereas

gpg --with-fingerprint <RPM-GPG-KEY-package>

gives me a Key Fingerprint:

Key fingerprint = 0987 6543 21FE DCBA 0987 6543 21FE 1234 5678 90AB CDEF

Since it is not easy to compare both outputs, how do I get the mentioned Key ID instead of the whole fingerprint?

U880D

2 Answers


You can import the GPG key using rpm --import GPGFILE and then run rpmkeys --checksig foo.rpm.

msuchy


During research I've found that the Key ID is usually the last 8 or 16 bytes of the Key Fingerprint. So I wanted to extract just them from the output. How to achieve that?

I've found the following approach, which seems to work:

keyID.sh

#!/bin/bash
# Usage: keyID.sh <RPM-GPG-KEY-file>
# Prints the short (8 hex digit) and long (16 hex digit) key ID derived from
# the key's fingerprint, i.e. its last 8 and last 16 hex digits.
set -eu

KEY_PATH="$1"
# Fingerprint as bare lowercase hex (spaces removed, e.g. 0987654321fedcba...)
KEY_FINGERPRINT=$(gpg --with-fingerprint "${KEY_PATH}" | grep "Key fingerprint" | cut -d "=" -f 2 | tr -d ' ' | tr '[:upper:]' '[:lower:]')

echo "${KEY_FINGERPRINT}" | grep -o '.\{8\}$'    # short key ID
echo "${KEY_FINGERPRINT}" | grep -o '.\{16\}$'   # long key ID, the form rpm prints
U880D
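The check the first answer describes and the suffix extraction the second answer uses, combined into one script as an added example; this is not code from the question or from either answer. It parses constructed sample text shaped like the output of gpg and rpm, so it runs without either tool installed, and names such as norm_hex, keyid_matches and check_rpm_against_key are mine. Two points the answers leave implicit: the key ID is the last 16 (long) or 8 (short) hex digits of a v4 fingerprint, not bytes, and gpg's --with-colons output already carries the long key ID in field 5 of the pub record, so it can be compared directly with what rpm prints. The gpg and rpm invocations inside check_rpm_against_key only execute when two file paths are passed on the command line, and are assumed to behave as the page shows (gpg --with-fingerprint on a key file, rpm -qip --nosignature, rpm --import, rpmkeys --checksig); the --with-colons variant is my assumption, not from the page.

```sh
#!/bin/sh
# Added example (not code from the question or either answer). Derives the
# Key ID that rpm prints from an OpenPGP key's fingerprint and compares it
# with the Key ID in an RPM's Signature line. Every sample below is a
# constructed string in the shape of the tools' output, not a real key.
set -eu

# Keep hex digits only, lowercased, so "0987 6543 ..." and "09876543..."
# compare equal regardless of spacing and case.
norm_hex() {
    printf '%s' "$1" | tr -cd '0-9A-Fa-f' | tr '[:upper:]' '[:lower:]'
}

# Read gpg output on stdin, print the fingerprint as bare lowercase hex.
# Accepts the human-readable "Key fingerprint = ..." line and the "fpr:"
# record of `gpg --with-colons` (field 10), whose layout is stable across
# gpg versions while the human-readable listing is not.
fingerprint_from_gpg() {
    fpr=
    while IFS= read -r line; do
        case "$line" in
            fpr:*)                 fpr=$(printf '%s' "$line" | cut -d: -f10); break ;;
            *"Key fingerprint ="*) fpr=${line#*=}; break ;;
        esac
    done
    [ -n "$fpr" ] || return 1
    norm_hex "$fpr"
}

# For a v4 key the long key ID is the low 64 bits of the fingerprint, i.e.
# its last 16 hex digits; the short ID is the low 32 bits, the last 8.
# rpm's Signature line shows the long form.
long_keyid()  { norm_hex "$1" | tail -c 16; echo; }
short_keyid() { norm_hex "$1" | tail -c 8; echo; }

# Long key ID as gpg itself reports it: field 5 of the "pub:" record in
# --with-colons output (stdin). No suffix arithmetic needed.
keyid_from_gpg_colons() {
    awk -F: '$1 == "pub" { print tolower($5); exit }'
}

# The Key ID from `rpm -qip --nosignature pkg.rpm | grep Signature` (stdin).
keyid_from_rpm_signature() {
    sed -n 's/.*Key ID \([0-9A-Fa-f]*\).*/\1/p' | head -n 1 | tr '[:upper:]' '[:lower:]'
}

# True when the fingerprint ($1, any spacing/case) and an rpm Key ID ($2)
# belong to the same key. Compare the long ID: 32-bit short IDs collide cheaply.
keyid_matches() {
    [ "$(long_keyid "$1")" = "$(norm_hex "$2")" ]
}

# Constructed sample: `gpg --with-colons --with-fingerprint KEYFILE`.
SAMPLE_GPG_COLONS='pub:-:4096:1:1234567890ABCDEF:1566972000::::::scESC::::::23::0:
fpr:::::::::0987654321FEDCBA098765431234567890ABCDEF:
uid:-::::1566972000::0123456789ABCDEF0123456789ABCDEF01234567::Example Vendor (constructed) <security@example.invalid>::::::::::0:'

# Constructed sample: the human-readable `gpg --with-fingerprint KEYFILE` listing.
SAMPLE_GPG_HUMAN='pub   4096R/90ABCDEF 2019-08-28
      Key fingerprint = 0987 6543 21FE DCBA 0987 6543 1234 5678 90AB CDEF
uid                  Example Vendor (constructed) <security@example.invalid>'

# Constructed sample: the line grep picks out of `rpm -qip --nosignature pkg.rpm`.
SAMPLE_RPM_SIG='Signature   : RSA/SHA256, Wed 28 Aug 2019 06:00:00 AM CEST, Key ID 1234567890abcdef'

# The same check with the real tools: compare IDs first, then import the key
# and let rpmkeys verify the signature, as the first answer does. Assumes gpg
# and rpm are installed; `rpm --import` writes the rpmdb and normally needs
# root. Only runs when both paths are given on the command line.
check_rpm_against_key() {
    key_file=$1; rpm_file=$2
    fp=$(gpg --with-colons --with-fingerprint "$key_file" 2>/dev/null | fingerprint_from_gpg)
    pkg_id=$(rpm -qip --nosignature "$rpm_file" | grep Signature | keyid_from_rpm_signature)
    printf 'key file: fingerprint %s, long ID %s, short ID %s\n' \
        "$fp" "$(long_keyid "$fp")" "$(short_keyid "$fp")"
    printf 'package : Key ID %s\n' "$pkg_id"
    if keyid_matches "$fp" "$pkg_id"; then
        echo 'match: signed by a key with this fingerprint; verifying with rpmkeys'
        rpm --import "$key_file" && rpmkeys --checksig "$rpm_file"
    else
        echo 'no match: the package was signed by a different key' >&2
        return 1
    fi
}

if [ "$#" -eq 2 ]; then
    check_rpm_against_key "$1" "$2"
else
    # Stand-alone demo on the constructed samples.
    fp=$(printf '%s\n' "$SAMPLE_GPG_COLONS" | fingerprint_from_gpg)
    echo "fingerprint   : $fp"
    echo "long key ID   : $(long_keyid "$fp")"
    echo "short key ID  : $(short_keyid "$fp")"
    echo "gpg pub keyid : $(printf '%s\n' "$SAMPLE_GPG_COLONS" | keyid_from_gpg_colons)"
    echo "rpm Key ID    : $(printf '%s\n' "$SAMPLE_RPM_SIG" | keyid_from_rpm_signature)"
    keyid_matches "$fp" "$(printf '%s\n' "$SAMPLE_RPM_SIG" | keyid_from_rpm_signature)" && echo 'match'
fi
```

A matching key ID only tells you which key should have signed the package; rpmkeys --checksig is what actually verifies the signature, and it reports the key as trusted only after rpm --import. Once imported, rpm -q gpg-pubkey lists each key as gpg-pubkey-<short key ID>-<creation time in hex>, the same last 8 hex digits the second answer extracts, so that query is a quick way to see which vendor keys the rpmdb already holds.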