4
2
I have the following GPG public key stored inside a file called publickey.pub
and encoded in ASCII Armor (Radix-64):
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia
mQCNAzNko/QAAAEEANZ2kpN/oMkz4tqzxvKPZws/XwsD0Y+E5/y7P2DIw4uHS/4N
syQbgkdrZhPBlXDv68DQioHXWsb904qyr7iZB1LC5ItK9MgqlK+Z2mvPqsGbHM8J
+oYib8kf2zJ6HvrYrP7NYB0tN9YYum2ICtx+hIi6aKGXdB1ATA5erwYmu0N9AAUR
tClSYWxmIFMuIEVuZ2Vsc2NoYWxsIDxyc2VAZW5nZWxzY2hhbGwuY29tPokAlQMF
EDNko/QOXq8GJrtDfQEBKVoD/2K/+4pcwhxok+FkuLwC5Pnuh/1oeOYHiKYwx0Z3
p09RLvDtNldr6VD+aL9JltxdPTARzZ8M50UqoF9jMr25GifheFYhilww41OVZA3e
cLXlLgda1+t0vWs3Eg/i2b0arQQDaIq7PeRdjdEDgwnG4xBaqaAqfgxwOXJ+LPWF
hiXZ
=K7lL
-----END PGP PUBLIC KEY BLOCK-----
If I type:
$ gpg --with-fingerprint publickey.pub
I get the fingerprint of the key:
Key fingerprint = 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5
Now, how does GPG do it? I mean, is there a command that I can run without using gpg
and still get the same fingerprint? With SSH, for example, given a public key I can do the following:
$ cat ~/.ssh/id_rsa.pub | awk '{print $2}' | base64 -D | md5
And that will return the same hash as:
$ ssh-keygen -l -f ~/.ssh/id_rsa.pub
I know that the actual content of the public key should be:
mQCNAzNko/QAAAEEANZ2kpN/oMkz4tqzxvKPZws/XwsD0Y+E5/y7P2DIw4uHS/4N
syQbgkdrZhPBlXDv68DQioHXWsb904qyr7iZB1LC5ItK9MgqlK+Z2mvPqsGbHM8J
+oYib8kf2zJ6HvrYrP7NYB0tN9YYum2ICtx+hIi6aKGXdB1ATA5erwYmu0N9AAUR
tClSYWxmIFMuIEVuZ2Vsc2NoYWxsIDxyc2VAZW5nZWxzY2hhbGwuY29tPokAlQMF
EDNko/QOXq8GJrtDfQEBKVoD/2K/+4pcwhxok+FkuLwC5Pnuh/1oeOYHiKYwx0Z3
p09RLvDtNldr6VD+aL9JltxdPTARzZ8M50UqoF9jMr25GifheFYhilww41OVZA3e
cLXlLgda1+t0vWs3Eg/i2b0arQQDaIq7PeRdjdEDgwnG4xBaqaAqfgxwOXJ+LPWF
hiXZ
Without the last =K7lL
part, which refers to the CRC checksum encoded in Base64. But if I type:
$ echo -n "mQCNAzNko/QAAAEEANZ2kpN/oMkz4tqzxvKPZws/XwsD0Y+E5/y7P2DIw4uHS/4N
> syQbgkdrZhPBlXDv68DQioHXWsb904qyr7iZB1LC5ItK9MgqlK+Z2mvPqsGbHM8J
> +oYib8kf2zJ6HvrYrP7NYB0tN9YYum2ICtx+hIi6aKGXdB1ATA5erwYmu0N9AAUR
> tClSYWxmIFMuIEVuZ2Vsc2NoYWxsIDxyc2VAZW5nZWxzY2hhbGwuY29tPokAlQMF
> EDNko/QOXq8GJrtDfQEBKVoD/2K/+4pcwhxok+FkuLwC5Pnuh/1oeOYHiKYwx0Z3
> p09RLvDtNldr6VD+aL9JltxdPTARzZ8M50UqoF9jMr25GifheFYhilww41OVZA3e
> cLXlLgda1+t0vWs3Eg/i2b0arQQDaIq7PeRdjdEDgwnG4xBaqaAqfgxwOXJ+LPWF
> hiXZ" | base64 -D | md5
I get the following output:
4697e84969da935454c7f2cdc19aaf08
Which, as you can see, doesn't match 00 C9 21 8E...
Checking the RFC 4880 -> https://tools.ietf.org/html/rfc4880#section-12.2:
For a V3 key, the eight-octet Key ID consists of the low 64 bits of
the public modulus of the RSA key.The fingerprint of a V3 key is formed by hashing the body (but not the two-octet length) of the MPIs that form the key material (public
modulus n, followed by exponent e) with MD5. Note that both V3 keys
and MD5 are deprecated.A V4 fingerprint is the 160-bit SHA-1 hash of the octet 0x99,
followed by the two-octet packet length, followed by the entire
Public-Key packet starting with the version field. The Key ID is the low-order 64 bits of the fingerprint.
How does it translate to a command line command?
EDIT 1: I am trying to do that with pgpdump -i
:
$ pgpdump -i publickey.pub
Old: Public Key Packet(tag 6)(141 bytes)
Ver 3 - old
Public key creation time - Mon Apr 28 17:19:48 MSD 1997
Valid days - 0[0 is forever]
Pub alg - RSA Encrypt or Sign(pub 1)
RSA n(1024 bits) - d6 76 92 93 7f a0 c9 33 e2 da b3 c6 f2 8f 67 0b 3f 5f 0b 03 d1 8f 84 e7 fc bb 3f 60 c8 c3 8b 87 4b fe 0d b3 24 1b 82 47 6b 66 13 c1 95 70 ef eb c0 d0 8a 81 d7 5a c6 fd d3 8a b2 af b8 99 07 52 c2 e4 8b 4a f4 c8 2a 94 af 99 da 6b cf aa c1 9b 1c cf 09 fa 86 22 6f c9 1f db 32 7a 1e fa d8 ac fe cd 60 1d 2d 37 d6 18 ba 6d 88 0a dc 7e 84 88 ba 68 a1 97 74 1d 40 4c 0e 5e af 06 26 bb 43 7d
RSA e(5 bits) - 11
Old: User ID Packet(tag 13)(41 bytes)
User ID - Ralf S. Engelschall <rse@engelschall.com>
Old: Signature Packet(tag 2)(149 bytes)
Ver 3 - old
Hash material(5 bytes):
Sig type - Generic certification of a User ID and Public Key packet(0x10).
Creation time - Mon Apr 28 17:19:48 MSD 1997
Key ID - 0x0E5EAF0626BB437D
Pub alg - RSA Encrypt or Sign(pub 1)
Hash alg - MD5(hash 1)
Hash left 2 bytes - 29 5a
RSA m^d mod n(1023 bits) - 62 bf fb 8a 5c c2 1c 68 93 e1 64 b8 bc 02 e4 f9 ee 87 fd 68 78 e6 07 88 a6 30 c7 46 77 a7 4f 51 2e f0 ed 36 57 6b e9 50 fe 68 bf 49 96 dc 5d 3d 30 11 cd 9f 0c e7 45 2a a0 5f 63 32 bd b9 1a 27 e1 78 56 21 8a 5c 30 e3 53 95 64 0d de 70 b5 e5 2e 07 5a d7 eb 74 bd 6b 37 12 0f e2 d9 bd 1a ad 04 03 68 8a bb 3d e4 5d 8d d1 03 83 09 c6 e3 10 5a a9 a0 2a 7e 0c 70 39 72 7e 2c f5 85 86 25 d9
-> PKCS-1
How should I extract modulus and exponent? I guess I should do something with this portion of the output:
Hash left 2 bytes - 29 5a
RSA m^d mod n(1023 bits) - 62 bf fb 8a 5c c2 1c 68 93 e1 64 b8 bc 02 e4 f9 ee 87 fd 68 78 e6 07 88 a6 30 c7 46 77 a7 4f 51 2e f0 ed 36 57 6b e9 50 fe 68 bf 49 96 dc 5d 3d 30 11 cd 9f 0c e7 45 2a a0 5f 63 32 bd b9 1a 27 e1 78 56 21 8a 5c 30 e3 53 95 64 0d de 70 b5 e5 2e 07 5a d7 eb 74 bd 6b 37 12 0f e2 d9 bd 1a ad 04 03 68 8a bb 3d e4 5d 8d d1 03 83 09 c6 e3 10 5a a9 a0 2a 7e 0c 70 39 72 7e 2c f5 85 86 25 d9
I have tried to echo the binary values of those hex digits:
29 5a
(Hash left 2 bytes) concatenated with:
62 bf fb 8a 5c c2 1c 68 93 e1 64 b8 bc 02 e4 f9 ee 87 fd 68 78 e6 07 88 a6 30 c7 46 77 a7 4f 51 2e f0 ed 36 57 6b e9 50 fe 68 bf 49 96 dc 5d 3d 30 11 cd 9f 0c e7 45 2a a0 5f 63 32 bd b9 1a 27 e1 78 56 21 8a 5c 30 e3 53 95 64 0d de 70 b5 e5 2e 07 5a d7 eb 74 bd 6b 37 12 0f e2 d9 bd 1a ad 04 03 68 8a bb 3d e4 5d 8d d1 03 83 09 c6 e3 10 5a a9 a0 2a 7e 0c 70 39 72 7e 2c f5 85 86 25 d9
And the command I ended up with was:
$ echo -ne "\x29\x5a\x62\xbf\xfb\x8a\x5c\xc2\x1c\x68\x93\xe1\x64\xb8\xbc\x02\xe4\xf9\xee\x87\xfd\x68\x78\xe6\x07\x88\xa6\x30\xc7\x46\x77\xa7\x4f\x51\x2e\xf0\xed\x36\x57\x6b\xe9\x50\xfe\x68\xbf\x49\x96\xdc\x5d\x3d\x30\x11\xcd\x9f\x0c\xe7\x45\x2a\xa0\x5f\x63\x32\xbd\xb9\x1a\x27\xe1\x78\x56\x21\x8a\x5c\x30\xe3\x53\x95\x64\x0d\xde\x70\xb5\xe5\x2e\x07\x5a\xd7\xeb\x74\xbd\x6b\x37\x12\x0f\xe2\xd9\xbd\x1a\xad\x04\x03\x68\x8a\xbb\x3d\xe4\x5d\x8d\xd1\x03\x83\x09\xc6\xe3\x10\x5a\xa9\xa0\x2a\x7e\x0c\x70\x39\x72\x7e\x2c\xf5\x85\x86\x25\xd9" | md5
Which should output the binary data of those hex digits and then compute the MD5 hash on that binary data, but the hash I get is still different:
6f09f2ac5c5af1c6dd3833e584387103
I know I am doing it wrong but I didn't find infos on how to interpret the pgpdump
output correctly and which parts of what I should concatenate and then hash...
EDIT: Thanks to Jens Erat, with this little "OpenPGP's fingerprints geeking" I can conclude that:
For V3 keys RSA 1024 bit keys hashed with MD5, the fingerprint is computed against 129 bytes made up of the 128 bytes of the RSA n MPI (which starts at the byte offset 14 (provided that the first byte is at offset 1) of the raw OpenPGP public key exported with gpg --export $UID
) concatenated with 1 byte which is the byte at offset 144 and therefore omitting the 2 length bytes at offset 142 and 143, as RFC 4880 says.
The following command computes the fingerprint using raw GPG data and :
gpg --export $UID | xxd -p | tr -d '\n ' | tail \
-c +27 | cut -c -256,261-262 | sed -e 's/[0-9a-fA-F]\{2\}/\\\\x&/g' | while read TMP; do \
echo -ne $TMP; done | md5 | sed -e 's/[0-9a-f]\{2\}/ &/g' | \
awk '{print "\n MD5 fingerprint:"toupper($0)"\n"}'
Where $UID is the UID of the key holder.
For OpenPGP V4 RSA public keys, the story is different:
For 2048 bit RSA public keys, the fingerprint is obtained by hashing the first 272 bytes of the raw OpenPGP key data with SHA1:
gpg --export $UID | head -c 272 | shasum | grep -Eo "[0-9a-f]+" | sed -e 's/[0-9a-f]\{4\}/ &/g' | \
awk '{print "\n RSA 2048 bit SHA1 fingerprint:"toupper($0)"\n"}'
For 4096 bit RSA public keys, the fingerprint is obtained by hashing the first 528 bytes of the raw OpenPGP key data with SHA1:
gpg --export $UID | head -c 528 | shasum | \
grep -Eo "[0-9a-f]+" | sed -e 's/[0-9a-f]\{4\}/ &/g' | \
awk '{print "\n RSA 4096 SHA1 fingerprint:"toupper($0)"\n"}'
Should be enough. Anyway, using gpgsplit
with V4 keys seems to be more portable.
I am trying to use
pgpdump
as you suggested, please, check my edit! – user3019105 – 2015-09-13T12:31:13.390You used the wrong integers. You finally raised my own curiousness, I extended the answer with solutions for both calculating version 3 and 4 fingerprints. – Jens Erat – 2015-09-13T15:54:50.283
Thanks you Jens! Please, check my edit, also the following commands seem to work for V4 keys:
gpg --export $UID | head -c 272 | sha1sum
for 2048 RSA keys andgpg --export $UID | head -c 528 | sha1sum
for 4096 RSA keys. – user3019105 – 2015-09-14T20:17:39.750