Please see comments from Werner Koch at:

https://bugs.gnupg.org/gnupg/issue2942
---
 gnupg.py | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/gnupg.py b/gnupg.py
index 71f5500..189fa7c 100644
--- a/gnupg.py
+++ b/gnupg.py
@@ -1163,10 +1163,19 @@ class GPG(object):
         List details of an ascii armored or binary key file
         without first importing it to the local keyring.
 
-        The function achieves this by running:
+        The function achieves this on modern GnuPG by running:
+
+        $ gpg --dry-run --import-options import-show --import
+
+        On older versions, it does the *much* riskier:
+
         $ gpg --with-fingerprint --with-colons filename
         """
-        args = ['--with-fingerprint', '--with-colons']
+        if self.version >= (2, 1, 14):
+            args = ['--dry-run', '--import-options', 'import-show', '--import']
+        else:
+            logger.warning('Warning! trying to list packets, but if the file 
is not a keyring, might accidentally decrypt')
+            args = ['--with-fingerprint']
         args.append(no_quote(filename))
         p = self._open_subprocess(args)
         return self._get_list_output(p, 'scan')
-- 
2.11.0

Reply via email to