0

I execute the following command, as discussed in several sites:

gpg --with-fingerprint VeraCrypt_PGP_public_key.asc

Against current key here VeraCrypt download

The output I receive is as follows:

gpg: WARNING: no command supplied.  Trying to guess what you mean ...
pub   rsa4096 2018-09-11 [SC]
uid           VeraCrypt Team (2018 - Supersedes Key ID=0x54DDD393) <[email protected]>
sub   rsa4096 2018-09-11 [E]
sub   rsa4096 2018-09-11 [A]

Is this supposed to happen? How does this help me verify the public key as none of the information relates to what is shown in the link for ID/Fingerprint?

Improve this question
1
  • No that is not the output you want (I'm getting the same result). you want to see the fingerprint for the key, and verify that it matches the one posted on the site. you don;t want to import a key into gpg if it is suspect, so verifying the fingerprint tells you whether the key was modified during the download process. after you import the key, you can use GPG to verify the download by using its signature.
    – Frank Thomas
    Commented Jun 30, 2020 at 0:30

1 Answer 1

Reset to default
1

ok, Take out the --with-fingerprint option. it will print the fingerprint on the third line of output.

gpg VeraCrypt_PGP_public_key.asc

Note that this is not technically a correct use of gpg, since it doesn't provide a command, but it will work.

See more info here if you really want to learn to do it right: https://unix.stackexchange.com/questions/335669/gnupg-2-1-16-with-fingerprint-no-longer-works-to-show-fingerprints

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .