Info: (gnupg) Specify a User ID

⇖ Info Catalog ← gnupg: Invoking SCDAEMON ↑ gnupg: Top → gnupg: Trust Values
gnupg: Specify a User ID

1 
1 7 How to Specify a User Id
1 **************************
1 
1 There are different ways to specify a user ID to GnuPG. Some of them are
1 only valid for 'gpg' others are only good for 'gpgsm'.  Here is the
1 entire list of ways to specify a key:
1 
1    * By key Id.  This format is deduced from the length of the string
1      and its content or '0x' prefix.  The key Id of an X.509 certificate
1      are the low 64 bits of its SHA-1 fingerprint.  The use of key Ids
1      is just a shortcut, for all automated processing the fingerprint
1      should be used.
1 
1      When using 'gpg' an exclamation mark (!)  may be appended to force
1      using the specified primary or secondary key and not to try and
1      calculate which primary or secondary key to use.
1 
1      The last four lines of the example give the key ID in their long
1      form as internally used by the OpenPGP protocol.  You can see the
1      long key ID using the option '--with-colons'.
1 
1           234567C4
1           0F34E556E
1           01347A56A
1           0xAB123456
1 
1           234AABBCC34567C4
1           0F323456784E56EAB
1           01AB3FED1347A5612
1           0x234AABBCC34567C4
1 
1    * By fingerprint.  This format is deduced from the length of the
1      string and its content or the '0x' prefix.  Note, that only the 20
1      byte version fingerprint is available with 'gpgsm' (i.e.  the SHA-1
1      hash of the certificate).
1 
1      When using 'gpg' an exclamation mark (!)  may be appended to force
1      using the specified primary or secondary key and not to try and
1      calculate which primary or secondary key to use.
1 
1      The best way to specify a key Id is by using the fingerprint.  This
1      avoids any ambiguities in case that there are duplicated key IDs.
1 
1           1234343434343434C434343434343434
1           123434343434343C3434343434343734349A3434
1           0E12343434343434343434EAB3484343434343434
1           0xE12343434343434343434EAB3484343434343434
1 
1      'gpgsm' also accepts colons between each pair of hexadecimal digits
1      because this is the de-facto standard on how to present X.509
1      fingerprints.  'gpg' also allows the use of the space separated
1      SHA-1 fingerprint as printed by the key listing commands.
1 
1    * By exact match on OpenPGP user ID. This is denoted by a leading
1      equal sign.  It does not make sense for X.509 certificates.
1 
1           =Heinrich Heine <heinrichh@uni-duesseldorf.de>
1 
1    * By exact match on an email address.  This is indicated by enclosing
1      the email address in the usual way with left and right angles.
1 
1           <heinrichh@uni-duesseldorf.de>
1 
1    * By partial match on an email address.  This is indicated by
1      prefixing the search string with an '@'.  This uses a substring
1      search but considers only the mail address (i.e.  inside the angle
1      brackets).
1 
1           @heinrichh
1 
1    * By exact match on the subject's DN. This is indicated by a leading
1      slash, directly followed by the RFC-2253 encoded DN of the subject.
1      Note that you can't use the string printed by 'gpgsm --list-keys'
1      because that one has been reordered and modified for better
1      readability; use '--with-colons' to print the raw (but standard
1      escaped) RFC-2253 string.
1 
1           /CN=Heinrich Heine,O=Poets,L=Paris,C=FR
1 
1    * By exact match on the issuer's DN. This is indicated by a leading
1      hash mark, directly followed by a slash and then directly followed
1      by the RFC-2253 encoded DN of the issuer.  This should return the
1      Root cert of the issuer.  See note above.
1 
1           #/CN=Root Cert,O=Poets,L=Paris,C=FR
1 
1    * By exact match on serial number and issuer's DN. This is indicated
1      by a hash mark, followed by the hexadecimal representation of the
1      serial number, then followed by a slash and the RFC-2253 encoded DN
1      of the issuer.  See note above.
1 
1           #4F03/CN=Root Cert,O=Poets,L=Paris,C=FR
1 
1    * By keygrip.  This is indicated by an ampersand followed by the 40
1      hex digits of a keygrip.  'gpgsm' prints the keygrip when using the
1      command '--dump-cert'.
1 
1           &D75F22C3F86E355877348498CDC92BD21010A480
1 
1    * By substring match.  This is the default mode but applications may
1      want to explicitly indicate this by putting the asterisk in front.
1      Match is not case sensitive.
1 
1           Heine
1           *Heine
1 
1    * .  and + prefixes These prefixes are reserved for looking up mails
1      anchored at the end and for a word search mode.  They are not yet
1      implemented and using them is undefined.
1 
1    Please note that we have reused the hash mark identifier which was
1 used in old GnuPG versions to indicate the so called local-id.  It is
1 not anymore used and there should be no conflict when used with X.509
1 stuff.
1 
1    Using the RFC-2253 format of DNs has the drawback that it is not
1 possible to map them back to the original encoding, however we don't
1 have to do this because our key database stores this encoding as meta
1 data.
1
⇖ Info Catalog ← gnupg: Invoking SCDAEMON ↑ gnupg: Top → gnupg: Trust Values