Please see comments from Werner Koch at:
https://bugs.gnupg.org/gnupg/issue2942
---
gnupg.py | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/gnupg.py b/gnupg.py
index 71f5500..189fa7c 100644
--- a/gnupg.py
+++ b/gnupg.py
@@ -1163,10 +1163,19 @@ class GPG(object):
List details of an ascii armored or binary key file
without first importing it to the local keyring.
- The function achieves this by running:
+ The function achieves this on modern GnuPG by running:
+
+ $ gpg --dry-run --import-options import-show --import
+
+ On older versions, it does the *much* riskier:
+
$ gpg --with-fingerprint --with-colons filename
"""
- args = ['--with-fingerprint', '--with-colons']
+ if self.version >= (2, 1, 14):
+ args = ['--dry-run', '--import-options', 'import-show', '--import']
+ else:
+ logger.warning('Warning! trying to list packets, but if the file
is not a keyring, might accidentally decrypt')
+ args = ['--with-fingerprint']
args.append(no_quote(filename))
p = self._open_subprocess(args)
return self._get_list_output(p, 'scan')
--
2.11.0