How to display gpg key details without importing it?

萌比男神i 2020-12-22 20:55

I have a copy of the postgresql apt repository gpg key and would like to view the details of the gpg key as it comes in the file. Is this possible without importing it into

8 answers
  • 2020-12-22 21:21

    pgpdump (https://www.lirnberger.com/tools/pgpdump/) is a tool that you can use to inspect pgp blocks.

    It is not user friendly, and fairly technical, however,

    • it parses public or private keys (without warning)
    • it does not modify any keyring (sometimes it is not so clear what gpg does behind the hood, in my experience)
    • it prints all packets, specifically the user ID packets, which show the various text data about the keys.

    pgpdump -p test.asc
    New: Secret Key Packet(tag 5)(920 bytes)
        Ver 4 - new
        Public key creation time - Fri May 24 00:33:48 CEST 2019
        Pub alg - RSA Encrypt or Sign(pub 1)
        RSA n(2048 bits) - ...
        RSA e(17 bits) - ...
        RSA d(2048 bits) - ...
        RSA p(1024 bits) - ...
        RSA q(1024 bits) - ...
        RSA u(1020 bits) - ...
        Checksum - 49 2f 
    New: User ID Packet(tag 13)(18 bytes)
        User ID - test (test) <tset>                        
    New: Signature Packet(tag 2)(287 bytes)
        Ver 4 - new
        Sig type - Positive certification of a User ID and Public Key packet(0x13).
        Pub alg - RSA Encrypt or Sign(pub 1)
        Hash alg - SHA256(hash 8)
        Hashed Sub: signature creation time(sub 2)(4 bytes)
            Time - Fri May 24 00:33:49 CEST 2019
        Hashed Sub: issuer key ID(sub 16)(8 bytes)
            Key ID - 0x396D5E4A2E92865F
        Hashed Sub: key flags(sub 27)(1 bytes)
            Flag - This key may be used to certify other keys
            Flag - This key may be used to sign data
        Hash left 2 bytes - 74 7a 
        RSA m^d mod n(2048 bits) - ...
            -> PKCS-1
    

    unfortunately it does not read stdin : /

  • 2020-12-22 21:24

    To get the key IDs (8 bytes, 16 hex digits), this is the command which worked for me in GPG 1.4.16, 2.1.18 and 2.2.19:

    gpg --list-packets <key.asc | awk '$1=="keyid:"{print$2}'
    

    To get some more information (in addition to the key ID):

    gpg --list-packets <key.asc
    

    To get even more information:

    gpg --list-packets -vvv --debug 0x2 <key.asc
    

    The command

    gpg --dry-run --import <key.asc
    

    also works in all 3 versions, but in GPG 1.4.16 it prints only a short (4 bytes, 8 hex digits) key ID, so it's less secure to identify keys.

    Some commands in other answers (e.g. gpg --show-keys, gpg --with-fingerprint, gpg --import --import-options show-only) don't work in some of the 3 GPG versions above, thus they are not portable when targeting multiple versions of GPG.

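Added example, not part of either answer above and not code from GnuPG or pgpdump: a small Python reader for the OpenPGP packet structure (RFC 4880) that both answers inspect. It lists v4 public key and user ID packets from a key file and derives the full fingerprint and 16-hex-digit key ID without invoking gpg or touching a keyring; the sample key bytes and all function names are constructed for this illustration.

```python
import base64, hashlib
from datetime import datetime, timezone

def dearmor(text):
    """Decode an ASCII-armored block to binary packets (the CRC line is skipped, not checked)."""
    lines = [l.strip() for l in text.strip().splitlines()]
    body = lines[lines.index("") + 1:-1]      # data starts after the blank line ending the headers
    return base64.b64decode("".join(l for l in body if not l.startswith("=")))

def packets(data):
    """Yield (tag, body) per packet; old and new header formats, definite lengths only."""
    i = 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if not hdr & 0x80:
            raise ValueError("bad packet header at offset %d" % (i - 1))
        if hdr & 0x40:                        # new format: tag in the low 6 bits
            tag, n, i = hdr & 0x3F, data[i], i + 1
            if 192 <= n < 224:                # two-octet length
                n, i = ((n - 192) << 8) + data[i] + 192, i + 1
            elif n == 255:                    # five-octet length
                n, i = int.from_bytes(data[i:i + 4], "big"), i + 4
            elif n >= 224:
                raise ValueError("partial body lengths not handled")
        else:                                 # old format: tag in bits 5-2, length type in bits 1-0
            tag, width = (hdr >> 2) & 0x0F, 1 << (hdr & 3)
            if width == 8:
                raise ValueError("indeterminate length not handled")
            n, i = int.from_bytes(data[i:i + width], "big"), i + width
        yield tag, data[i:i + n]
        i += n

def describe(data):
    """Summarise v4 public (sub)key and user ID packets; nothing is imported anywhere."""
    out = []
    for tag, body in packets(data):
        if tag in (6, 14) and body[:1] == b"\x04":
            fpr = hashlib.sha1(b"\x99" + len(body).to_bytes(2, "big") + body).hexdigest().upper()
            created = datetime.fromtimestamp(int.from_bytes(body[1:5], "big"), timezone.utc)
            out.append({"packet": "pub" if tag == 6 else "sub", "algo": body[5],
                        "created": created.date().isoformat(), "fingerprint": fpr, "keyid": fpr[-16:]})
        elif tag == 13:
            out.append({"packet": "uid", "uid": body.decode("utf-8", "replace")})
    return out

# Constructed sample, not a real key: toy RSA MPIs (n=0xC351, e=65537) plus a user ID packet.
KEY_BODY = b"\x04" + (1558650828).to_bytes(4, "big") + b"\x01\x00\x10\xc3\x51\x00\x11\x01\x00\x01"
SAMPLE_BIN = b"\x98" + bytes([len(KEY_BODY)]) + KEY_BODY + b"\xcd\x12test (test) <tset>"
SAMPLE = ("-----BEGIN PGP PUBLIC KEY BLOCK-----\n\n" + base64.b64encode(SAMPLE_BIN).decode()
          + "\n-----END PGP PUBLIC KEY BLOCK-----\n")
```

Calling `describe(dearmor(open("key.asc").read()))` gives the same summary for an armored key file; pass the raw bytes straight to `describe` for a binary `.gpg` file.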