29

Is there some tool to write out the actual content of a GnuPG public key in a way a human can understand? I mean not only ASCII armor which a human can read and type, but something which really breaks down the data into large decimal numbers for the crypto part, strings for the UIDs, and so on? I'd really like to see what's in there.

Actual application today: I've two keys from the same person, created at the same date, but differing in fingerprint. The assumption is that one of them was created from the other by some kind of conversion, probably by importing the older key into a keychain using recent software. I'd like to see what actually changed. Perhaps it's only the fingerprinting algorithm which changed, but perhaps there is more to it.

MvG
  • 1,479
  • 2
  • 14
  • 26
  • I found all the suggested answers before getting to this question. Unfortunately, this still sucks in being "human readable", especially when the key has many signatures. I really expected gpg2 to readily give this information in some kind of `show-key` command :-( – Bluehorn Nov 09 '18 at 09:29

4 Answers

28

Try

gpg --list-packets --verbose < pubkey.asc

It doesn't dump the key data, but it shows all the other details. To dump additional raw data parts you need debug flag 2, so add --debug 0x02; this will dump the keys and other data in hex. This works in GPG versions 1.2 and 1.4, but sadly not in 2.0, as support for dumping bignum (MPI) data is not enabled (see DBG_MPI in g10/parse-packet.c) for some reason.

Also try pgpdump:

pgpdump < pubkey.asc

mr.spuratic
  • 2,658
  • 21
  • 20
  • Looks good, but it still omits some data: some things are abbreviated as `[1024 bits]` or the likes. I'd like to see those bits. I know you wrote that those aren't included. – MvG Jan 04 '14 at 14:39
  • 1
    Found it, debug flag 2, updated. – mr.spuratic Jan 04 '14 at 15:25
  • That debug flag doesn't work for me, for some reason. It prints a message about the flag being enabled, but does not print debugging info for it. Will probably have to dig through sources to find out why… @grawity: pgpdump looks very much like what I had in mind, thank you. Any particular reason you chose to edit an existing answer instead of posting a new one? After all, both are different suggestions, each with its own merits and drawbacks, so users might want to vote independently. – MvG Jan 04 '14 at 16:03
  • 3
    This debug flag is for MPI (bignum) debugging (`DBG_MPI`), it works as indicated in GPG 1.2/1.4, but it's not properly supported in GPG 2.0.x (it's commented out in `g10/parse-packet.c`) with a "FIXME" beside it... @grawity thanks for the tip on `pgpdump`, looks useful. – mr.spuratic Jan 06 '14 at 21:34
4

While waiting for answers, I read RFC4880 (OpenPGP) and came up with some code of my own to parse and print the relevant portion of an exported packet stream. Far from complete, but it might be useful to others, so I'm posting this as well. Right now I see little benefit over that pgpdump suggested by @grawity, but who knows…

MvG
  • 1,479
  • 2
  • 14
  • 26
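The parser MvG refers to is not reproduced on this page, so here is an added Python example (not MvG's code and not part of any of these answers) that does what the question asks: it walks an exported OpenPGP packet stream as laid out in RFC 4880, writes the key's MPIs out as decimal integers, decodes user IDs as strings, and computes the v4 fingerprint, which is exactly the set of fields one would diff between two keys that share a creation date but not a fingerprint. It handles old- and new-format packet headers, v4 RSA/DSA/ElGamal key packets and user ID packets; the packet stream at the bottom is constructed inline with made-up numbers (it is not a real key), and every function name in it is the example's own.

```python
"""Hypothetical RFC 4880 packet dumper (added example, not MvG's code): v4 keys and UIDs."""
import hashlib
import struct
import time

TAG_NAMES = {2: "Signature", 6: "Public-Key", 13: "User ID", 14: "Public-Subkey"}
PK_ALGOS = {1: "RSA", 2: "RSA (encrypt-only)", 3: "RSA (sign-only)", 16: "ElGamal", 17: "DSA"}

def read_packets(data: bytes):
    """Yield (tag, body) per packet; handles old- and new-format CTBs (RFC 4880 section 4.2)."""
    pos = 0
    while pos < len(data):
        ctb, pos = data[pos], pos + 1
        if not ctb & 0x80:
            raise ValueError(f"bad CTB 0x{ctb:02x} at offset {pos - 1}")
        if ctb & 0x40:                          # new format: tag in the low 6 bits
            tag, first, pos = ctb & 0x3F, data[pos], pos + 1
            if first < 192:
                length = first
            elif first < 224:
                length, pos = ((first - 192) << 8) + data[pos] + 192, pos + 1
            elif first == 255:
                length, pos = struct.unpack(">I", data[pos:pos + 4])[0], pos + 4
            else:
                raise ValueError("partial body lengths are not supported here")
        else:                                   # old format: tag in bits 2-5, length type in bits 0-1
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:                      # indeterminate: body runs to the end of the stream
                length = len(data) - pos
            else:
                nbytes = 1 << ltype             # 1, 2 or 4 length bytes
                length, pos = int.from_bytes(data[pos:pos + nbytes], "big"), pos + nbytes
        body, pos = data[pos:pos + length], pos + length
        if len(body) != length:
            raise ValueError("truncated packet")
        yield tag, body

def read_mpi(body: bytes, pos: int):
    """Decode one MPI (RFC 4880 section 3.2): 2-byte bit count, then the big-endian magnitude."""
    bits = struct.unpack(">H", body[pos:pos + 2])[0]
    end = pos + 2 + (bits + 7) // 8
    return int.from_bytes(body[pos + 2:end], "big"), bits, end

def parse_public_key(body: bytes) -> dict:
    """Split a v4 public-key packet body into its fields, with the MPIs as plain integers."""
    version, created, algo = body[0], struct.unpack(">I", body[1:5])[0], body[5]
    if version != 4:
        raise ValueError(f"only v4 keys are handled here, got v{version}")
    if algo not in PK_ALGOS:  # ECC algorithms carry a curve OID in front of the MPIs
        raise ValueError(f"public-key algorithm {algo} is not handled here")
    mpis, pos = [], 6
    while pos < len(body):
        value, bits, pos = read_mpi(body, pos)
        mpis.append((bits, value))
    # v4 fingerprint (RFC 4880 section 12.2): SHA-1 over 0x99, the 2-byte body length and the body
    fpr = hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()
    return {"version": version, "created": created, "algo": PK_ALGOS[algo],
            "mpis": mpis, "fingerprint": fpr, "keyid": fpr[-16:]}

def parse_stream(data: bytes) -> list:
    """One dict per packet; key packets are decoded, user IDs are decoded as UTF-8."""
    out = []
    for tag, body in read_packets(data):
        entry = {"tag": tag, "name": TAG_NAMES.get(tag, f"tag {tag}"), "length": len(body)}
        if tag in (6, 14):
            entry.update(parse_public_key(body))
        elif tag == 13:
            entry["uid"] = body.decode("utf-8", "replace")
        out.append(entry)
    return out

def render(data: bytes) -> str:
    """Human-readable dump in the style of pgpdump/sq, with the MPIs written out in decimal."""
    lines = []
    for p in parse_stream(data):
        lines.append(f"{p['name']} Packet, {p['length']} bytes")
        if "mpis" in p:
            when = time.strftime("%Y-%m-%d %H:%M:%S UTC", time.gmtime(p["created"]))
            lines += [f"    Version: {p['version']}", f"    Creation time: {when}",
                      f"    Pk algo: {p['algo']}", f"    Fingerprint: {p['fingerprint']}",
                      f"    KeyID: {p['keyid']}"]
            lines += [f"    MPI {i} ({b} bits): {v}" for i, (b, v) in enumerate(p["mpis"])]
        elif "uid" in p:
            lines.append(f"    Value: {p['uid']}")
    return "\n".join(lines)

def encode_mpi(n: int) -> bytes:
    """Encode an integer as an MPI; used only to build the constructed sample below."""
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")

def old_packet(tag: int, body: bytes) -> bytes:
    """Old-format CTB with a one-byte body length (bodies shorter than 256 bytes)."""
    return bytes([0x80 | (tag << 2), len(body)]) + body

# Constructed sample input: NOT a real key, the modulus is an arbitrary made-up number.
SAMPLE_N, SAMPLE_E, SAMPLE_CREATED = 0xC0FFEE1234567890ABCDEF, 65537, 1537196506
SAMPLE_STREAM = (old_packet(6, b"\x04" + struct.pack(">I", SAMPLE_CREATED) + b"\x01"
                            + encode_mpi(SAMPLE_N) + encode_mpi(SAMPLE_E))
                 + old_packet(13, b"Example User <user@example.org>"))

if __name__ == "__main__":  # for a real key: gpg --export KEYID > key.gpg, then render(open("key.gpg", "rb").read())
    print(render(SAMPLE_STREAM))
```

To compare two keys the way the question describes, run render() over both exports and diff the output: if the creation time and the MPIs match but the fingerprints differ, the difference is in how the fingerprint is derived (this example only computes the v4 SHA-1 form, so a v3 key will be rejected rather than misreported); if an MPI differs, the key material itself is different.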
3

I've used pgpdump. It works well, and shows nice human-readable output. It doesn't yet print Elliptic Curve keys, but it will at least tell you it is an EC key. If you select the "dump literals" option, it will show you the actual key data.

friederbluemle
  • 982
  • 1
  • 8
  • 16
Brian Minton
  • 579
  • 7
  • 13
0

pgpdump is good, and there is also sq packet dump, from the sequoia project, which I find more readable:

sq packet dump /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg
Public-Key Packet, old CTB, 525 bytes
    Version: 4
    Creation time: 2018-09-17 15:01:46 UTC
    Pk algo: RSA
    Pk size: 4096 bits
    Fingerprint: F6ECB3762474EDA9D21B7022871920D1991BC93C
    KeyID: 871920D1991BC93C
  
User ID Packet, old CTB, 66 bytes
    Value: Ubuntu Archive Automatic Signing Key (2018) <ftpmaster@ubuntu.com>
  
Signature Packet, old CTB, 568 bytes
    Version: 4
    Type: PositiveCertification
    Pk algo: RSA
    Hash algo: SHA512
    Hashed area:
      Signature creation time: 2018-09-17 15:01:46 UTC
      Key flags: CS
      Symmetric algo preferences: AES256, AES192, AES128, CAST5, TripleDES
      Hash preferences: SHA256, SHA1, SHA384, SHA512, SHA224
      Compression preferences: Zlib, BZip2, Zip
      Features: MDC
      Keyserver preferences: no modify
    Unhashed area:
      Issuer: 871920D1991BC93C
    Digest prefix: 2C73
    Level: 0 (signature over data)
  
Signature Packet, old CTB, 563 bytes
    Version: 4
    Type: GenericCertification
    Pk algo: RSA
    Hash algo: SHA512
    Hashed area:
      Issuer Fingerprint: 153F1C9EF1395FBF00352E8D0BFB847F3F272F5B
      Signature creation time: 2018-09-17 15:12:03 UTC
    Unhashed area:
      Issuer: 0BFB847F3F272F5B
    Digest prefix: 6E17
    Level: 0 (signature over data)

Repo is at https://gitlab.com/sequoia-pgp/sequoia, crate is at https://lib.rs/crates/sequoia-sq, installable from cargo and many good package managers (Debian/Ubuntu/Arch/Fedora…).

Tobu
  • 2,663
  • 19
  • 22