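How to display gpg key details without importing?
I have a copy of the postgresql apt repository gpg key and would like to view the details of the gpg key as it comes in the file. Is this possible without importing it into a key ring?
There are several detail levels you can get when looking at OpenPGP key data: a basic summary, a machine-readable output of this summary, or a detailed (and very technical) list of the individual OpenPGP packets.
Basic Key Information
For a short peek at an OpenPGP key file, you can simply pass the filename as a parameter or pipe in the key data through STDIN. If no command is passed, GnuPG tries to guess what you want to do – and for key data, this is printing a summary of the key: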
$ gpg a4ff2279.asc
gpg: WARNING: no command supplied. Trying to guess what you mean ...
pub   rsa8192 2012-12-25 [SC]
      0D69E11F12BDBA077B3726AB4E1F799AA4FF2279
uid           Jens Erat (born 1988-01-19 in Stuttgart, Germany)
uid           Jens Erat <jens.erat@fsfe.org>
uid           Jens Erat <jens.erat@uni-konstanz.de>
uid           Jens Erat <jabber@jenserat.de>
uid           Jens Erat <email@jenserat.de>
uid           [jpeg image of size 12899]
sub   rsa4096 2012-12-26 [E] [revoked: 2014-03-26]
sub   rsa4096 2012-12-26 [S] [revoked: 2014-03-26]
sub   rsa2048 2013-01-23 [S] [expires: 2023-01-21]
sub   rsa2048 2013-01-23 [E] [expires: 2023-01-21]
sub   rsa4096 2014-03-26 [S] [expires: 2020-09-03]
sub   rsa4096 2014-03-26 [E] [expires: 2020-09-03]
sub   rsa4096 2014-11-22 [A] [revoked: 2016-03-01]
sub   rsa4096 2016-02-24 [A] [expires: 2020-02-23]
By setting --keyid-format 0xlong, long key IDs are printed instead of the insecure short key IDs:
$ gpg a4ff2279.asc
gpg: WARNING: no command supplied. Trying to guess what you mean ...
pub   rsa8192/0x4E1F799AA4FF2279 2012-12-25 [SC]
      0D69E11F12BDBA077B3726AB4E1F799AA4FF2279
uid                             Jens Erat (born 1988-01-19 in Stuttgart, Germany)
uid                             Jens Erat <jens.erat@fsfe.org>
uid                             Jens Erat <jens.erat@uni-konstanz.de>
uid                             Jens Erat <jabber@jenserat.de>
uid                             Jens Erat <email@jenserat.de>
uid                             [jpeg image of size 12899]
sub   rsa4096/0x0F3ED8E6759A536E 2012-12-26 [E] [revoked: 2014-03-26]
sub   rsa4096/0x2D6761A7CC85941A 2012-12-26 [S] [revoked: 2014-03-26]
sub   rsa2048/0x9FF7E53ACB4BD3EE 2013-01-23 [S] [expires: 2023-01-21]
sub   rsa2048/0x5C88F5D83E2554DF 2013-01-23 [E] [expires: 2023-01-21]
sub   rsa4096/0x8E78E44DFB1B55E9 2014-03-26 [S] [expires: 2020-09-03]
sub   rsa4096/0xCC73B287A4388025 2014-03-26 [E] [expires: 2020-09-03]
sub   rsa4096/0x382D23D4C9773A5C 2014-11-22 [A] [revoked: 2016-03-01]
sub   rsa4096/0xFF37A70EDCBB4926 2016-02-24 [A] [expires: 2020-02-23]
pub   rsa1024/0x7F60B22EA4FF2279 2014-06-16 [SCEA] [revoked: 2016-08-16]
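Providing -v or -vv will add even more information. In this case, though, I prefer printing the packet details (see below).
Machine-Readable Output
GnuPG also has a colon-separated output format, which is easy to parse and has a stable format. The format is documented in GnuPG's doc/DETAILS file. The option to receive this format is --with-colons.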
$ gpg --with-colons a4ff2279.asc
gpg: WARNING: no command supplied. Trying to guess what you mean ...
pub:-:8192:1:4E1F799AA4FF2279:1356475387:::-:
uid:::::::::Jens Erat (born 1988-01-19 in Stuttgart, Germany):
uid:::::::::Jens Erat <jens.erat@fsfe.org>:
uid:::::::::Jens Erat <jens.erat@uni-konstanz.de>:
uid:::::::::Jens Erat <jabber@jenserat.de>:
uid:::::::::Jens Erat <email@jenserat.de>:
uat:::::::::1 12921:
sub:-:4096:1:0F3ED8E6759A536E:1356517233:1482747633:::
sub:-:4096:1:2D6761A7CC85941A:1356517456:1482747856:::
sub:-:2048:1:9FF7E53ACB4BD3EE:1358985314:1674345314:::
sub:-:2048:1:5C88F5D83E2554DF:1358985467:1674345467:::
sub:-:4096:1:8E78E44DFB1B55E9:1395870592:1599164118:::
sub:-:4096:1:CC73B287A4388025:1395870720:1599164118:::
sub:-:4096:1:382D23D4C9773A5C:1416680427:1479752427:::
sub:-:4096:1:FF37A70EDCBB4926:1456322829:1582466829:::
Since GnuPG 2.1.23, the "gpg: WARNING: no command supplied. Trying to guess what you mean ..." warning can be omitted by using the --import-options show-only option together with the --import command (this also works without --with-colons, of course):
$ gpg --with-colons --import-options show-only --import a4ff2279
[snip]
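For older versions: the warning message is printed on STDERR, so you can just read STDIN to separate the key information from the warning.
Technical Details: Listing OpenPGP Packets
Without installing any further packages, you can use gpg --list-packets [file] to view information on the OpenPGP packets contained in the file.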
$ gpg --list-packets a4ff2279.asc
:public key packet:
    version 4, algo 1, created 1356475387, expires 0
    pkey[0]: [8192 bits]
    pkey[1]: [17 bits]
    keyid: 4E1F799AA4FF2279
:user ID packet: "Jens Erat (born 1988-01-19 in Stuttgart, Germany)"
:signature packet: algo 1, keyid 4E1F799AA4FF2279
    version 4, created 1356516623, md5len 0, sigclass 0x13
    digest algo 2, begin of digest 18 46
    hashed subpkt 27 len 1 (key flags: 03)
[snip]
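The pgpdump [file] tool works similarly to gpg --list-packets and provides similar output, but resolves all those algorithm identifiers to readable representations. It is probably available for all relevant distributions (on Debian derivatives, the package is called pgpdump, like the tool itself).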
$ pgpdump a4ff2279.asc
Old: Public Key Packet(tag 6)(1037 bytes)
    Ver 4 - new
    Public key creation time - Tue Dec 25 23:43:07 CET 2012
    Pub alg - RSA Encrypt or Sign(pub 1)
    RSA n(8192 bits) - ...
    RSA e(17 bits) - ...
Old: User ID Packet(tag 13)(49 bytes)
    User ID - Jens Erat (born 1988-01-19 in Stuttgart, Germany)
Old: Signature Packet(tag 2)(1083 bytes)
    Ver 4 - new
    Sig type - Positive certification of a User ID and Public Key packet(0x13).
    Pub alg - RSA Encrypt or Sign(pub 1)
    Hash alg - SHA1(hash 2)
    Hashed Sub: key flags(sub 27)(1 bytes)
[snip]
I seem to be able to get along with simply:
$ gpg <path_to_file>
Which outputs like this:
$ gpg /tmp/keys/something.asc
pub  1024D/560C6C26 2014-11-26 Something <something@none.org>
sub  2048g/0C1ACCA6 2014-11-26
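The OP didn't specify in particular which key info is relevant. This output is all I care about.
To verify and list the fingerprint of the key (without importing it into the keyring first), type
gpg --with-fingerprint <filename>
Nevertheless, the option --list-packets parses the pgp data in a file and outputs its structure – in a very technical way. When parsing a public key, you can easily extract the user IDs and the key IDs of the signatures.
Be careful: this command only parses the data format; it does not validate signatures or anything similar.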
When I stumbled upon this answer, I was looking for a way to get output that is easy to parse. For me, the option --with-colons did the trick:
$ gpg --with-colons file
sec::4096:1:AAAAAAAAAAAAAAAA:YYYY-MM-DD::::Name (comment) email
ssb::4096:1:BBBBBBBBBBBBBBBB:YYYY-MM-DD::::
The documentation can be found here.
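An added example, not part of any of the answers above: a small Python parser for the colon-separated records that the first and last answers show, using the field positions from GnuPG's doc/DETAILS (field 3 key length, 5 key ID, 6 creation, 7 expiry, 10 user ID). The function names are this example's own and the sample records are copied from the output quoted on this page; in practice, feed it the output of gpg --with-colons --import-options show-only --import <file> so that nothing is imported.

```python
import re
from datetime import datetime, timezone

# Constructed sample: a few records copied from the --with-colons output above.
SAMPLE = """\
pub:-:8192:1:4E1F799AA4FF2279:1356475387:::-:
uid:::::::::Jens Erat <jens.erat@fsfe.org>:
sub:-:4096:1:0F3ED8E6759A536E:1356517233:1482747633:::
sub:-:2048:1:9FF7E53ACB4BD3EE:1358985314:1674345314:::
"""

def _date(field):
    """Epoch seconds -> aware UTC datetime; empty or non-epoch value -> None."""
    return datetime.fromtimestamp(int(field), timezone.utc) if field.isdigit() else None

def _unquote(s):
    """User IDs are C-style quoted in this format, e.g. ':' appears as \\x3a."""
    return re.sub(r"\\x([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), s)

def parse_colons(text):
    """Return a list of primary keys, each with its user IDs and subkeys."""
    keys = []
    for line in text.splitlines():
        f = line.split(":")
        f += [""] * (12 - len(f))            # tolerate records with fewer fields
        if f[0] in ("pub", "sub"):
            rec = {"type": f[0], "bits": int(f[2]), "algo": int(f[3]),
                   "keyid": f[4], "created": _date(f[5]), "expires": _date(f[6])}
            if f[0] == "pub":
                rec.update(uids=[], subkeys=[])
                keys.append(rec)
            elif keys:                       # a sub record belongs to the last pub
                keys[-1]["subkeys"].append(rec)
        elif f[0] == "uid" and keys:
            keys[-1]["uids"].append(_unquote(f[9]))
    return keys

def expired_subkeys(key, now):
    """Key IDs of subkeys whose expiry field lies before `now`."""
    return [s["keyid"] for s in key["subkeys"] if s["expires"] and s["expires"] < now]

if __name__ == "__main__":
    key = parse_colons(SAMPLE)[0]
    print(key["keyid"], key["bits"], key["uids"])
    print(expired_subkeys(key, datetime(2020, 1, 1, tzinfo=timezone.utc)))
```

Lines that are not colon records, such as the "gpg: WARNING" message, are skipped because their first field is not a known record type. The parser reads only the expiry field and, like --list-packets, validates no signatures.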