Human-readable dump of gpg public key

cryptographygnupgpublic-keypublic-key-encryption

Is there some tool to write out the actual content of a GnuPG public key in a way a human can unserstand? I mean not only ascii-armor which a human can read and type, but something which really breaks down the data into large decimal numbers for the crypto part, strings for the UIDs, and so on? I'd really like to see what's in there.

Actual application today: I've two keys from the same person, created at the same date, but differing in fingerprint. The assumption is that one of them was created from the other by some kind of conversion, probably by importing the older key into a keychaing using recent software. I'd like to see what actually changed. Perhaps it's only the fingerprinting algorithm which changed, but perhaps there is more to it.

Best Answer

Try

gpg --list-packets --verbose < pubkey.asc

It doesn't dump the key data, but it shows all the other details. To dump additional raw data parts you need debug flag 2, so add --debug 0x02, this will dump the keys and other data in hex. This works in GPG versions 1.2 and 1.4, but sadly not in 2.0 as support for dumping bignum (MPI) data is not enabled (see DBG_MPI in g10/parse-packet.c) for some reason.

Also try pgpdump:

pgpdump < pubkey.asc

Related Solutions

How to verify the trust path to a gpg key

You're right to be concerned; that Julien Danjou guy is slippery. (Kidding!)

I believe you're looking for this command:

gpg --list-keys --list-options show-uid-validity 8B78A5C2

How to ASCII-armor the public key without installing GPG

OpenPGP's "Radix-64" ASCII armor, described in RFC 4880 § 6, is mostly just standard Base64 with PEM-like begin/end headers, and with a CRC24 checksum at the end. It can be implemented like this:

Write the Armor Header Line; optional Armor Headers; and a blank line:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: conradpgp v1.0
(leave this line empty)

Write the Base64-encoded message, wrapped to 76 characters per line.
Write the checksum line, consisting of a = followed by the Base64-encoded Armor Checksum:

The checksum is a 24-bit Cyclic Redundancy Check (CRC) converted to
four characters of radix-64 encoding by the same MIME base64
transformation, preceded by an equal sign (=). The CRC is computed
by using the generator 0x864CFB and an initialization of 0xB704CE.
The accumulation is done on the data before it is converted to
radix-64, rather than on the converted data. A sample implementation
of this algorithm is in the next section.

(See section 6.1 for the example CRC24 code.)
Finally, write the Armor Tail:
```
-----END PGP PUBLIC KEY BLOCK-----
```

Best Answer

Related Solutions

How to verify the trust path to a gpg key

How to ASCII-armor the public key without installing GPG

Related Question