Why is gpg –list-keys sometimes printing subkeys, sometimes not

gnupgopenpgp

This question occured in the comments of "How do I display the usage flags for my encryption keys in a less hackish way?", and seems worth being answered in a Q&A form as the answer is not actually obvious.

To view Torvald's OpenPGP key 449FA3AB, I use gpg2 --list-keys 449FA3AB, which outputs

$ gpg2 --list-keys 449FA3AB
pub   1024D/449FA3AB 1999-10-05 [expired: 2001-10-04]
uid       [ expired] Linus Torvalds <torvalds@transmeta.com>

Usually, this command also lists subkeys, but no subkeys are printed for Torvald's key. Yet, when requesting batch output, there is one included.

$ gpg2 --with-colons --list-keys 449FA3AB
tru::1:1414619239:1414879758:3:1:5
pub:e:1024:17:956EB7BF449FA3AB:939086351:1002158351::-:::sca:
uid:e::::939086351::81A3799583B9B1B391E4C428112F302FF2ADF462::Linus Torvalds <torvalds@transmeta.com>:
sub:e:2048:16:71CE8207BFF491C5:939086545:1002158545:::::e:

Seems like this Torvalds-key has some special feature that hides the sub-key. What happened here?

Best Answer

Expired Keys

This is no special feature, but Torvalds primary key is expired quite some time ago, and in consequence also the subkey. The answer is hidden in GnuPG's --list-options section of the man pages, as by default expired subkeys are hidden. From man gpg2:

show-unusable-subkeys
        Show revoked and expired subkeys in key listings. Defaults to no.

By specifying this argument, the subkey will show up:

$ gpg2 --list-options show-unusable-subkeys --list-keys 449FA3AB
pub   1024D/449FA3AB 1999-10-05 [expired: 2001-10-04]
uid       [ expired] Linus Torvalds <torvalds@transmeta.com>
sub   2048g/BFF491C5 1999-10-05 [expired: 2001-10-04]

Travelling Back in Time

You can also verify this using the helpful faketime program to set the system time back some years for GnuPG. By travelling back in time to some date where Torvalds key was valid, the subkey will show up again:

$ faketime 2001-01-01 gpg2 --list-keys 449FA3AB
pub   1024D/449FA3AB 1999-10-05 [expires: 2001-10-04]
uid       [ unknown] Linus Torvalds <torvalds@transmeta.com>
sub   2048g/BFF491C5 1999-10-05 [expires: 2001-10-04]

Related Solutions

Gpg –list-keys output after deleting secret key

GPG stores public and private keys in different places.

You output mentions : /home/kshitiz/.gnupg/pubring.gpg which holds the "public" key (pubring)

If you want to list private keys you have to use the --list-secret-keys switch.

As per why the key 8F64D7E0 does not get deleted, it's because you asked to destroy the private key only. Since deleting a private key does not impact the public key, there is no need for it to be cascade deleted.

How GPG generates an MD5 fingerprint given a public key

For OpenPGP keys, it is not as easy as with SSH. The fingerprint is not calculated from the whole Base64-encoded public key, but only on some (binary) parts of it.

For a version 3 OpenPGP key, what you'd have to do is:

Parse the OpenPGP public key packet
For RSA, extract modulus and exponent
Concatenate their binary values
Calculate the hashsum

For step 1 and 2, you can rely the tool pgpdump, which can parse and output the numbers using the -i flag.

For version 4 keys, it even gets more complicated.

If you want to calculate the hashsum for educational purposes, I'd recommend extending pgpdump instead and use all the available parser code, so you can directly work on the extracted information. I'm pretty sure handling the binary information will be easier than with pure shell code, either.

UPDATE: You used the wrong integers. Use the ones in lines RSA n and RSA e instead. Putting everything together in a few lines using standard tools:

pgpdump -i publickey.pub | \
grep -E '(RSA n|RSA e)' | \
cut -d'-' -f2 | \
tr -d "\n " | \
perl -e 'print pack "H*", <STDIN>' | \
md5sum

pgpdump -i dumps the key's MPIs, which we grep out, cut off eeverything we don't need, translate away all the whitespace, convert to binary using perl and finally calculate the md5sum.

Running on the key your provided:

$ pgpdump -i publickey.pub | \
> grep -E '(RSA n|RSA e)' | \
> cut -d'-' -f2 | \
> tr -d "\n " | \
> perl -e 'print pack "H*", <STDIN>' | \
> md5sum
00c9218ed1ab7037dd67a23a0a6f8da5  -

Seems pretty much to be what we're looking for.

For the sake of completeness, the same for version 4 keys, where you need another toolchain. We need the full public key packet. To decompose an OpenPGP message, gpgsplit comes in handy. Afterwards, you can immediately calculate the sha1sum of the file:

gpgsplit publickey.pub; sha1sum *.public_key

For example, running on my own key:

$ gpgsplit publickey.pub; sha1sum *.public_key
0d69e11f12bdba077b3726ab4e1f799aa4ff2279  000001-006.public_key