With GnuPG, the original filename can be seen in gpg --list-packets.
$ gpg --list-packets test.gpg
:pubkey enc packet: version 3, algo 1, keyid CE7B5510340F19EF
data: [4095 bits]
:encrypted data packet:
length: 67
mdc_method: 2
gpg: encrypted with 4096-bit RSA key, ID CE7B5510340F19EF, created 2009-10-31
"Mantas Mikulėnas <grawity@gmail.com>"
:compressed packet: algo=2
:literal data packet:
mode b (62), created 1356362981, name="passwords.txt",
raw data: 8 bytes
(Note: The entire literal data packet, including the filename, is encrypted. If you don't have the private key, you cannot see the name either.)
Alternatively, you can use --decrypt along with --verbose (or -v -d for short):
$ gpg --verbose --decrypt test.gpg > NUL
gpg: public key is CE7B5510340F19EF
gpg: using subkey CE7B5510340F19EF instead of primary key D24F6CB2C1B52632
4096-bit RSA key, ID CE7B5510340F19EF, created 2009-10-31
(subkey on main key ID D24F6CB2C1B52632)
gpg: encrypted with 4096-bit RSA key, ID CE7B5510340F19EF, created 2009-10-31
"Mantas Mikulėnas <grawity@gmail.com>"
gpg: AES256 encrypted data
gpg: original file name='passwords.txt'
(In Linux, use > /dev/null instead.)
If you want to decrypt and save the entire file, use the --use-embedded-filename option:
$ gpg -v --use-embedded-filename test.gpg
…boring output…
gpg: original file name='passwords.txt'
File `passwords.txt' exists. Overwrite? (y/N) n
(Note: You should not use -d or --decrypt with this option, since it never uses the embedded filename. Instead, use the "default" action.)
Do not forget that not all files have names. In Linux, gpg is often used to encrypt another program's output directly, without saving it in a file. It would then show up as:
$ echo Testing | gpg --store | gpg --list-packets
:compressed packet: algo=1
:literal data packet:
mode b (62), created 1356362394, name="",
raw data: 8 bytes
When encrypting (or just storing), the embedded filename can be changed with --set-filename.
$ echo Testing | gpg --store --set-filename "test.txt" | gpg --list-packets
:compressed packet: algo=1
:literal data packet:
mode b (62), created 1356362790, name="test.txt",
raw data: 8 bytes
Best Answer
From RFC 4880:
For V3 keys, calculation is similar, but the key length is omitted.
In other words, the fingerprint is calculated from a constant, the packet length and finally a part of the public key packet. Further explanation of what's included (and thus how to calculate it) is in the linked RFC.
The (long) key ID is represented by the lowest 64 bits, and is used because the full fingerprint is an unhandy and long value. Even more often, the short key ID formed by the lowest-order 32 bits is used. These short key IDs are often considered to have too high a chance of collisions, and usage of at least the long ID, if not the full fingerprint, is recommended.
Recapped in a few words:
The fingerprint is the hash value calculated from the public key packet. The key IDs are a part of the fingerprint:
Sometimes, the IDs get prefixed by 0x as they're hex values.
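The V4 calculation from RFC 4880 section 12.2, as an added example that is not part of the original answer: SHA-1 over the constant 0x99, the two-octet packet length and the public-key packet body, with both key IDs cut from the low-order end. The toy RSA modulus, the timestamps and all function names are constructed for illustration.

```python
import hashlib
import struct


def mpi(n: int) -> bytes:
    """OpenPGP multiprecision integer: 2-octet bit count, then big-endian bytes."""
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")


def rsa_public_key_body(created: int, n: int, e: int) -> bytes:
    """V4 public-key packet body: version 4, creation time, algorithm 1 (RSA), MPIs n and e."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)


def fingerprint_input(body: bytes) -> bytes:
    """The octets that get hashed: constant 0x99, 2-octet body length, the body itself."""
    return b"\x99" + struct.pack(">H", len(body)) + body


def v4_fingerprint(body: bytes) -> str:
    """160-bit SHA-1 fingerprint as 40 upper-case hex digits."""
    return hashlib.sha1(fingerprint_input(body)).hexdigest().upper()


def key_ids(fingerprint: str) -> tuple:
    """Long key ID = low-order 64 bits, short key ID = low-order 32 bits."""
    return fingerprint[-16:], fingerprint[-8:]


# Constructed sample values (not a real key): product of two Mersenne primes.
TOY_N = (2**127 - 1) * (2**89 - 1)
TOY_E = 65537
TOY_CREATED = 1256947200

if __name__ == "__main__":
    body = rsa_public_key_body(TOY_CREATED, TOY_N, TOY_E)
    fpr = v4_fingerprint(body)
    long_id, short_id = key_ids(fpr)
    print("fingerprint :", fpr)
    print("long key ID : 0x" + long_id)
    print("short key ID: 0x" + short_id)
    # The creation time is inside the hashed body, so the same key material
    # with a different timestamp yields a different fingerprint and key ID.
    print("other time  :", v4_fingerprint(rsa_public_key_body(TOY_CREATED + 1, TOY_N, TOY_E)))
```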