Getting information from an armored gpg public key file

21

5

When given a file with an armored public GnuPG key, i.e. a file (pubkey.gpg) that was created with:

gpg -r 0xDEADBEEF --export --armored > pubkey.gpg

What is the best way to get information such as the fingerprint in that file, without importing it into my keyring?

The best way I found so far (and I am not happy with) is:

gpg --dry-run --import pubkey.gpg

Naturally, I grepped the gpg man page, but didn't find an obvious solution.

Chen Levy

Posted 2010-08-08T12:36:02.990

Reputation: 1 495

Answers

7

I don't know that gpg has an option for this, but here's a more flexible workaround for extracting information from the key file:

mkdir temp-gnupg-dir
export GNUPGHOME=temp-gnupg-dir
gpg --import pubkey.gpg
gpg --list-keys
rm -r temp-gnupg-dir

Instead of the GNUPGHOME environment variable, you can pass --homedir=temp-gnupg-dir to every gpg invocation.

Gilles 'SO- stop being evil'

Posted 2010-08-08T12:36:02.990

Reputation: 58 319

This is not pretty, but it is useful to know what options are not available, and this is a solution. So I thank you for that. – Chen Levy – 2010-08-08T13:27:05.037

While this will work, it's way more complicated than necessary. Below I posted how to do it without any of the importing or keychain switching. – jm3 – 2013-11-17T03:17:03.933

17

To print the fingerprint of an on-disk armored key without importing it, just use --with-fingerprint:

> gpg --with-fingerprint jm3.asc

pub  1024R/9112BC51 1996-02-05 john manoogian <jm3@*>
Key fingerprint = C9 DC 27 29 0E 1A DB 50  21 C8 64 08 15 29 41 86

uid                            john manoogian <jm3@foo...
uid                            john manoogian <jm3@bar...
uid                            john manoogian <jm3@baz...
uid                            john manoogian <jm3@qux...

Voilà!

jm3

Posted 2010-08-08T12:36:02.990

Reputation: 848

This will create a gnupg directory and a default keyring if one does not exist. The accepted answer does not have that side-effect. – Etan Reisner – 2014-08-11T03:30:02.777

--with-fingerprint is optional. – x-yuri – 2015-05-20T13:21:59.087

This no longer works. My gpg version is 2.2.5. – Dan Milon – 2018-05-08T12:15:47.947

5

You can check out Kazu Yamamoto's PGP packet visualizer, which displays the packet format of OpenPGP (RFC 4880) and PGP version 2 (RFC 1991).

To fetch and compile:

git clone http://github.com/kazu-yamamoto/pgpdump
cd pgpdump
./configure --prefix=/usr/local/ && make && sudo make install

Using it is even simpler:

pgpdump pubkey.gpg

There is also a cgi-bin interface available on this site: http://www.pgpdump.net/cgi-bin/pgpdump

Claudio Floreani

Posted 2010-08-08T12:36:02.990

Reputation: 682

This is awesome! And kudos to a fellow Haskeller Kazu :)

BTW, pgpdump is packaged by Debian (and possibly other distros, too), so check it in the repositories before compiling it yourself. – Roman Cheplyaka – 2014-03-01T07:33:42.060

There's output similar to pgpdump's, but not that verbose, from gpg --list-packets – JSmith – 2014-05-21T07:24:26.807
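The fingerprint asked about in the question can also be computed straight from the packet structure that pgpdump displays, with no gpg home directory or keyring involved. The following is an added example, not code from any of the posts above: it handles version 4 keys only, and the function names and the sample key (toy numbers, not a usable key) are constructed for illustration.

```python
import base64, hashlib, struct

def dearmor(text):
    """Return the binary OpenPGP data in an armored key block (CRC-24 line skipped, not verified)."""
    lines = [l.strip() for l in text.strip().splitlines()]
    body = lines[lines.index("-----BEGIN PGP PUBLIC KEY BLOCK-----") + 1:
                 lines.index("-----END PGP PUBLIC KEY BLOCK-----")]
    body = body[body.index("") + 1:] if "" in body else body  # armor headers end at the blank line
    return base64.b64decode("".join(l for l in body if not l.startswith("=")))

def first_packet(data):
    """Parse the first packet header (RFC 4880, section 4.2); return (tag, body)."""
    hdr = data[0]
    if not hdr & 0x80:
        raise ValueError("not an OpenPGP packet")
    if hdr & 0x40:                        # new-format header
        tag, o = hdr & 0x3F, data[1]
        if o < 192:
            length, pos = o, 2
        elif o < 224:
            length, pos = ((o - 192) << 8) + data[2] + 192, 3
        elif o == 255:
            length, pos = int.from_bytes(data[2:6], "big"), 6
        else:
            raise ValueError("partial body lengths are not handled")
    else:                                 # old-format header: length field of 1, 2 or 4 octets
        tag, n = (hdr >> 2) & 0x0F, 1 << (hdr & 0x03)
        if n == 8:
            raise ValueError("indeterminate length is not handled")
        length, pos = int.from_bytes(data[1:1 + n], "big"), 1 + n
    return tag, data[pos:pos + length]

def key_info(armored):
    """Fingerprint, key ID, creation time and algorithm of the primary key."""
    tag, body = first_packet(dearmor(armored))
    if tag != 6 or body[0] != 4:
        raise ValueError("expected a version 4 public-key packet first")
    created, algo = struct.unpack(">IB", body[1:6])
    # V4 fingerprint (RFC 4880, 12.2): SHA-1 over 0x99, 2-octet length, packet body.
    fpr = hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()
    return {"fingerprint": fpr, "key_id": fpr[-16:], "created": created, "algorithm": algo}

def sample_key():
    """Constructed input: version, timestamp, RSA (1), then toy MPIs n and e."""
    body = bytes.fromhex("04" "4C5EA432" "01" "0034" "0C0FFEE0DDBA11" "0011" "010001")
    b64 = base64.b64encode(bytes([0x98, len(body)]) + body).decode()
    return "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\n%s\n-----END PGP PUBLIC KEY BLOCK-----\n" % b64

print(key_info(sample_key()))
```

For a real file, pass its contents: `key_info(open("pubkey.gpg").read())`. Only the primary key packet is read; user IDs, subkeys and signatures that follow it are ignored.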