
Mailing List Archive: GnuPG: users

A usability gap in fingerprint rendering and parsing

 

 



drfarina at acm

Jan 2, 2012, 5:43 PM

Post #1 of 11 (269 views)
A usability gap in fingerprint rendering and parsing

Hello list,

I was recently trying to encrypt a payload using fingerprints in my
keyring to most unambiguously identify a key, when I encountered the
following confusion. After giving up trying to find a resolution via a
search engine, I played with it a bit more and got it to work, but the
head-scratching is, I think, unnecessary.

Here's what I did:

gpg --list-keys --fingerprint

In the output is a line like:

Key fingerprint = 560D 1AD1 81D9 81C2 D5D1  005F 10CA 1074 B50F 855E

However, one cannot paste that string into gpg --encrypt --recipient,
getting the "no public key" message, as one might expect. One can
after removing the spaces, however. Two of the more obvious solution
categories include:

* Removing the otherwise helpful padding in the spaces between nibbles
and decabytes

* Expanding --recipient parsing code to accept this format

Stepping back a bit, software and users that want to deal in
fingerprints might be very different than software and users who want
to deal in short ids and email addresses, and it might be nice to have
a restricted --recipient option that only supports safe, unambiguous
addressing of keys. I think I'm in the latter category.

In any case, I think the output of the program should be, in this
case, usable as input.

Thoughts?

--
fdr

_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users


jerome at jeromebaum

Jan 2, 2012, 5:49 PM

Post #2 of 11 (265 views)
Re: A usability gap in fingerprint rendering and parsing

On 2012-01-03 02:43, Daniel Farina wrote:
> Thoughts?

--with-colons


--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
--
nameserver 217.79.186.148
nameserver 178.63.26.172
http://opennicproject.org/
--
No situation is so dire that panic cannot make it worse.


jerome at jeromebaum

Jan 2, 2012, 5:54 PM

Post #3 of 11 (265 views)
Re: A usability gap in fingerprint rendering and parsing

On 2012-01-03 02:52, sykadul [at] astalavista wrote:
> Ladies and gentlemen, I will be unplugged from my email until the 17th of January.
>
> In the mean time here's a video of a bunny opening your mail http://www.youtube.com/watch?v=LMyaRmTwdKs
>
> Your mail will not be forwarded and I will contact you when I come back, alternatively you can contact one of the other administrators or email info [at] astalavista
>
> Merry Christmas and a happy new year!
>
> Best regards,
> Sykadul
>
>

Stop spamming me!

(But the video is nice.)


--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
--
nameserver 217.79.186.148
nameserver 178.63.26.172
http://opennicproject.org/
--
No situation is so dire that panic cannot make it worse.



drfarina at acm

Jan 5, 2012, 3:12 PM

Post #4 of 11 (261 views)
Re: A usability gap in fingerprint rendering and parsing

On Mon, Jan 2, 2012 at 5:49 PM, Jerome Baum <jerome [at] jeromebaum> wrote:
> On 2012-01-03 02:43, Daniel Farina wrote:
>> Thoughts?
>
> --with-colons

Should that become the default? What's the use of nibbles that cannot
be parsed by --recipient?

I also prefer to read the whitespace, but in that case --recipient can
be taught to ignore whitespace when interpreting a stream of
hexadecimal.

--
fdr



wk at gnupg

Jan 6, 2012, 2:17 AM

Post #5 of 11 (262 views)
Re: A usability gap in fingerprint rendering and parsing

On Fri, 6 Jan 2012 00:12, drfarina [at] acm said:

> Should that become the default? What's the use of nibbles that cannot

No, --with-colons is not for humans. OTOH, humans are not able to
properly read and compare 40-digit hex strings without the help of
delimiters like spaces. Now, if you want to cut+paste things you need
to convert them
  gpg -er $(echo PASTE-HERE |tr -d ' ')
might be a solution.

> I also prefer to read the whitespace, but in that case --recipient can
> be taught to ignore whitespace when interpreting a stream of

We could make this work but you would need to enclose it in quotes.
What about a new option to display the fingerprint in a condensed
format. For example --fpr instead of --with-fingerprint.


Salam-Shalom,

Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.




drfarina at acm

Jan 6, 2012, 2:25 AM

Post #6 of 11 (260 views)
Re: A usability gap in fingerprint rendering and parsing

On Fri, Jan 6, 2012 at 2:17 AM, Werner Koch <wk [at] gnupg> wrote:
> On Fri,  6 Jan 2012 00:12, drfarina [at] acm said:
>
>> Should that become the default?  What's the use of nibbles that cannot
>
> No, --with-colons is not for humans.  OTOH, humans are not able to
> properly read and compare 40-digit hex strings without the help of
> delimiters like spaces.  Now, if you want to cut+paste things you need
> to convert them
>   gpg -er $(echo PASTE-HERE |tr -d ' ')
> might be a solution.
>
>> I also prefer to read the whitespace, but in that case --recipient can
>> be taught to ignore whitespace when interpreting a stream of
>
> We could make this work but you would need to enclose it in quotes.
> What about a new option to display the fingerprint in a condensed
> format.  For example --fpr instead of --with-fingerprint.

By quotes, you mean so bash will pass it as one argv? This is
actually the very first thing I tried: I think anyone familiar with
the command line will immediately see the spaces and quote it, so one
passes:

gpg -er 'abcd ef12 ...'

People are also used to quoting things like URLs, file names, patterns
for grep or sed, and so on. So I think that's a totally acceptable
thing...in fact, doing it any other way would seem "weird."

If that works, it'd be great to avoid any extra options. I also agree
that the colon notation is pretty ugly.

--
fdr



wk at gnupg

Jan 6, 2012, 4:41 AM

Post #7 of 11 (261 views)
Re: A usability gap in fingerprint rendering and parsing

On Fri, 6 Jan 2012 11:25, drfarina [at] acm said:

> By quotes, you mean so bash will pass it as one argv? This is

Yes.

> If that works, it'd be great to avoid any extra options. I also agree
> that the colon notation is pretty ugly.

Just committed the change to master:

$ gpg2 -k ' 8061 5870 F5BA D690 3336  86D0 F2AD 85AC 1E42 B367 '
pub 2048D/1E42B367 2007-12-31 [expires: 2018-12-31]
uid Werner Koch <wk [at] gnupg>
uid Werner Koch <wk [at] g10code>
sub 1024D/77F95F95 2011-11-02
sub 2048R/C193565B 2011-11-07 [expires: 2013-12-31]

Note that leading and trailing spaces are allowed but the double space
in the middle of the fingerprint is required:

$ gpg2 -k ' 8061 5870 F5BA D690 3336 86D0 F2AD 85AC 1E42 B367 '
gpg: error reading key: No public key



Salam-Shalom,

Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.




jerome at jeromebaum

Jan 6, 2012, 5:18 AM

Post #8 of 11 (259 views)
Re: A usability gap in fingerprint rendering and parsing

On 2012-01-06 13:41, Werner Koch wrote:
> Note that leading and trailing spaces are allowed but the double space
> in the middle of the fingerprint is required:
>
> $ gpg2 -k ' 8061 5870 F5BA D690 3336 86D0 F2AD 85AC 1E42 B367 '
> gpg: error reading key: No public key

Is this necessary for a technical reason? I'm just thinking about the
scenario where someone transmits his human-readable fingerprint in a medium that
collapses repeated spaces (think e.g. HTML).

I know we can say it's their fault (and rightfully so), but I'm just
thinking from a usability standpoint, if there is no security benefit
and it's not a lot of work to add this, it could be useful.

(In fact I think I'd rather see a requirement to not have surrounding
whitespace and instead be less sensitive about inner whitespace.)

But enough nit-picking, the "complaint to code" time was amazing! :)


--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
--
nameserver 217.79.186.148
nameserver 178.63.26.172
http://opennicproject.org/
--
No situation is so dire that panic cannot make it worse.


wk at gnupg

Jan 6, 2012, 6:09 AM

Post #9 of 11 (260 views)
Re: A usability gap in fingerprint rendering and parsing

On Fri, 6 Jan 2012 14:18, jerome [at] jeromebaum said:

> Is this necessary for a technical reason? I'm just thinking about the
> scenario where someone transmits his human-readable fingerprint in a medium that
> collapses repeated spaces (think e.g. HTML).

Hmmm, you have a point here.

> (In fact I think I'd rather see a requirement to not have surrounding
> whitespace and instead be less sensitive about inner whitespace.)

Trimming white space is common practice and used for all kinds of user id
specifications. Without that you need to be very careful when copying
and pasting.



Salam-Shalom,

Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.




drfarina at acm

Jan 6, 2012, 2:44 PM

Post #10 of 11 (264 views)
Re: A usability gap in fingerprint rendering and parsing

On Fri, Jan 6, 2012 at 5:18 AM, Jerome Baum <jerome [at] jeromebaum> wrote:
> Is this necessary for a technical reason? I'm just thinking about the
> scenario where someone transmits his human-readable fingerprint in a medium that
> collapses repeated spaces (think e.g. HTML).

If there's no security implication (it's hard for me to imagine, but
I'm not very imaginative) I think ignoring whitespace in the beginning
and middle of the string makes a lot of sense. I could come up with a
couple of more fanciful suggestions (for example: requiring at least a
single space between nibbles to help users identify input that is
truncated by a byte or two in case of a fudged copy-paste), but
they're not nearly as large confusion-eliminators.

> But enough nit-picking, the "complaint to code" time was amazing! :)

I, too, am amazed!

--
fdr



wk at gnupg

Jan 7, 2012, 9:47 AM

Post #11 of 11 (260 views)
Re: A usability gap in fingerprint rendering and parsing

On Fri, 6 Jan 2012 23:44, drfarina [at] acm said:

> If there's no security implication (it's hard for me to imagine, but
> I'm not very imaginative) I think ignoring whitespace in the beginning
> and middle of the string makes a lot of sense. I could come up with a

Well, I already did that yesterday.


Shalom-Salam,

Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
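
Added example, not part of the thread and not GnuPG code: a shell-side version of the whitespace handling discussed above, for gpg builds that predate the change. It extends the `tr -d ' '` workaround with the truncation check raised in post #10; the function names are hypothetical and 40-hex-digit fingerprints are assumed.

```shell
#!/bin/sh
# Added example; not GnuPG code. Function names are hypothetical.
# Assumes 40-hex-digit fingerprints, the length discussed in this thread.

# normalize_fpr STRING
# Print the compact, upper-case form of a pasted fingerprint, or fail:
#   status 1 = wrong length (e.g. a group lost in copy-paste)
#   status 2 = a character that is neither hex nor whitespace
normalize_fpr() {
    # Delete all whitespace: leading, trailing, single or doubled inner
    # spaces, and tabs or newlines picked up while copying.
    _fpr=$(printf '%s' "$1" | tr -d '[:space:]')
    case "$_fpr" in
        *[!0123456789ABCDEFabcdef]*)
            echo "normalize_fpr: non-hex character in input" >&2
            return 2 ;;
    esac
    if [ "${#_fpr}" -ne 40 ]; then
        echo "normalize_fpr: expected 40 hex digits, got ${#_fpr}" >&2
        return 1
    fi
    printf '%s\n' "$_fpr" | tr 'abcdef' 'ABCDEF'
}

# pretty_fpr STRING
# Re-render any accepted spelling in the grouped layout shown by
# --fingerprint: ten groups of four, with a double space after the fifth.
pretty_fpr() {
    _c=$(normalize_fpr "$1") || return $?
    printf '%s\n' "$_c" |
        sed -e 's/..../& /g' -e 's/ $//' -e 's/^\(.\{24\}\) /\1  /'
}

# Usage (commented out so the file can be sourced without a keyring):
#   fpr=$(normalize_fpr ' 8061 5870 F5BA D690 3336 86D0 F2AD 85AC 1E42 B367 ') &&
#       gpg -er "$fpr" FILE
```

Rejecting anything that is not exactly 40 hex digits means a paste that lost a group fails before gpg is invoked, rather than being tried as some other kind of key specification.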

