Getting information from an armored gpg public key file

Question

When given a file with an armored public GnuPG key, i.e. a file (pubkey.gpg) that was created with:

gpg -r 0xDEADBEEF --export --armored > pubkey.gpg

What is the best way to get information such as the finger print in that file, without importing it into my keyring?

The best way I found so far (and I am not happy with) is:

gpg --dry-run --import pubkey.gpg

Naturally, I grepped the gpg man page, but didn't find an obvious solution.

score 18 · Answer 1 · answered Nov 17 '13 at 03:14

18

To print the fingerprint of an on-disk armored key without importing it, just use --with-fingerprint:

> gpg --with-fingerprint jm3.asc

pub  1024R/9112BC51 1996-02-05 john manoogian <jm3@*>
Key fingerprint = C9 DC 27 29 0E 1A DB 50  21 C8 64 08 15 29 41 86

uid                            john manoogian <jm3@foo...
uid                            john manoogian <jm3@bar...
uid                            john manoogian <jm3@baz...
uid                            john manoogian <jm3@qux...

Voilà!

answered Nov 17 '13 at 03:14

jm3

1,756
1
11
8

This will create a gnupg directory and a default keyring if one does not exist. The accepted answer does not have that side-effect. – Etan Reisner Aug 11 '14 at 03:30
`--with-fingerprint` is [optional](http://stackoverflow.com/a/27300700/52499). – x-yuri May 20 '15 at 13:21
1

This no longer works. My gpg version is 2.2.5. – Dan Milon May 08 '18 at 12:15

score 8 · Accepted Answer · answered Aug 08 '10 at 12:53

8

I don't know that gpg has an option for this, but here's a more flexible workaround for extracting information from the key file:

mkdir temp-gnupg-dir
export GNUPGHOME=temp-gnupg-dir
gpg --import pubkey.gpg
gpg --list-keys
rm -r temp-gnupg-dir

Instead of the GNUPGHOME environment variable, you can pass --homedir=temp-gnupg-dir to every gpg invocation.

answered Aug 08 '10 at 12:53

Gilles 'SO- stop being evil'

69,786
21
137
178

This is not pretty, but it is useful to know what options are *not* available, and this *is* a solution. So I thank you for that. – Chen Levy Aug 08 '10 at 13:27
1

While this will work, it's way more complicated than necessary. Below I posted how to do it without any of the importing or keychain switching. – jm3 Nov 17 '13 at 03:17

score 6 · Answer 3 · answered Feb 15 '12 at 17:29

6

You can checkout Kazu Yamamoto's PGP packet visualizer which displays the packet format of OpenPGP (RFC 4880) and PGP version 2 (RFC 1991).

To fetch and compile:

git clone http://github.com/kazu-yamamoto/pgpdump
cd pgpdump
./configure --prefix=/usr/local/ && make && sudo make install

Using it is even simpler:

pgpdump pubkey.gpg

There is also a cgi-bin interface available on this site: http://www.pgpdump.net/cgi-bin/pgpdump

answered Feb 15 '12 at 17:29

Claudio Floreani

832
1
9
12

1

This is awesome! And kudos to a fellow Haskeller Kazu :) BTW, pgpdump is packaged by Debian (and possibly other distros, too), so check it in the repositories before compiling it yourself. – Roman Cheplyaka Mar 01 '14 at 07:33
4

There's a similar to _pgpdump_ but not that verbose output from `gpg --list-packets` – JSmith May 21 '14 at 07:24

Emil Viesná · Answer 4 · 2023-02-08T11:59:26.237

0

There is more simple solution (tested for GnuPG 2.2.27):

gpg pubkey.gpg

Or, machine-readable result (some upgrades for @jm3 answer):

gpg --with-fingerprint --with-colons pubkey.gpg

edited Feb 08 '23 at 11:59

answered Feb 08 '23 at 11:55

Emil Viesná

1
2

Your answer could be improved with additional supporting information. Please [edit] to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community Feb 08 '23 at 12:07

Getting information from an armored gpg public key file

4 Answers4