From 4287f89557b3bc9ab2876331e1bcb143d759fb47 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Wed, 18 Mar 2020 13:56:43 +0100
Subject: gpg: Also allow a v5 fingerprint for --trusted-key.

* g10/trustdb.c (tdb_register_trusted_key): Add case for 32 octet
fingerprints.
--
GnuPG-bug-id: 4855

Signed-off-by: Werner Koch <wk@gnupg.org>
---
 doc/gpg.texi  | 3 ++-
 g10/trustdb.c | 7 +++++++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/doc/gpg.texi b/doc/gpg.texi
index ab3912fc5..d05699c55 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -1654,7 +1654,8 @@ claim" signatures are always accepted.
 @item --trusted-key @var{long key ID or fingerprint}
 @opindex trusted-key
 Assume that the specified key (which must be given
-as a full 8 byte key ID or 20 byte fingerprint) is as trustworthy as one of
+as a full 8 byte key ID, a 20 byte, or 32 byte fingerprint)
+is as trustworthy as one of
 your own secret keys. This option is useful if you
 don't want to keep your secret keys (or one of them)
 online but still want to be able to check the validity of a given
diff --git a/g10/trustdb.c b/g10/trustdb.c
index 00a53e0ea..6232e0320 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -228,6 +228,13 @@ tdb_register_trusted_key (const char *string)
           register_trusted_keyid (kid);
           return;
         }
+      if (desc.mode == KEYDB_SEARCH_MODE_FPR && desc.fprlen == 32)
+        {
+          kid[0] = buf32_to_u32 (desc.u.fpr);
+          kid[1] = buf32_to_u32 (desc.u.fpr+4);
+          register_trusted_keyid (kid);
+          return;
+        }
     }
   log_error (_("'%s' is not a valid long keyID\n"), string );
 }
-- 
cgit v1.2.3