How can I display gpg key details without importing the key?

Amo*_*ira 114 gnupg openpgp

I have a copy of the PostgreSQL apt repository gpg key and would like to see the details of the gpg key in the file. Is this possible without importing it into a keyring?

Jen*_*rat 130

When viewing OpenPGP key data, you can get several levels of detail: a basic summary, a machine-readable output of this summary, or a detailed (very technical) list of the individual OpenPGP packets.

Basic key information

For a short peek at an OpenPGP key file, you can simply pass the filename as a parameter or pipe the key data through STDIN. If no command is passed, GnuPG tries to guess what you want to do - for key data, this is printing a summary of the key:

$ gpg a4ff2279.asc
gpg: WARNING: no command supplied.  Trying to guess what you mean ...
pub   rsa8192 2012-12-25 [SC]
      0D69E11F12BDBA077B3726AB4E1F799AA4FF2279
uid           Jens Erat (born 1988-01-19 in Stuttgart, Germany)
uid           Jens Erat <jens.erat@fsfe.org>
uid           Jens Erat <jens.erat@uni-konstanz.de>
uid           Jens Erat <jabber@jenserat.de>
uid           Jens Erat <email@jenserat.de>
uid           [jpeg image of size 12899]
sub   rsa4096 2012-12-26 [E] [revoked: 2014-03-26]
sub   rsa4096 2012-12-26 [S] [revoked: 2014-03-26]
sub   rsa2048 2013-01-23 [S] [expires: 2023-01-21]
sub   rsa2048 2013-01-23 [E] [expires: 2023-01-21]
sub   rsa4096 2014-03-26 [S] [expires: 2020-09-03]
sub   rsa4096 2014-03-26 [E] [expires: 2020-09-03]
sub   rsa4096 2014-11-22 [A] [revoked: 2016-03-01]
sub   rsa4096 2016-02-24 [A] [expires: 2020-02-23]

By setting --keyid-format 0xlong, long key IDs are printed instead of the insecure short key IDs:

$ gpg a4ff2279.asc                                                                 
gpg: WARNING: no command supplied.  Trying to guess what you mean ...
pub   rsa8192/0x4E1F799AA4FF2279 2012-12-25 [SC]
      0D69E11F12BDBA077B3726AB4E1F799AA4FF2279
uid                             Jens Erat (born 1988-01-19 in Stuttgart, Germany)
uid                             Jens Erat <jens.erat@fsfe.org>
uid                             Jens Erat <jens.erat@uni-konstanz.de>
uid                             Jens Erat <jabber@jenserat.de>
uid                             Jens Erat <email@jenserat.de>
uid                             [jpeg image of size 12899]
sub   rsa4096/0x0F3ED8E6759A536E 2012-12-26 [E] [revoked: 2014-03-26]
sub   rsa4096/0x2D6761A7CC85941A 2012-12-26 [S] [revoked: 2014-03-26]
sub   rsa2048/0x9FF7E53ACB4BD3EE 2013-01-23 [S] [expires: 2023-01-21]
sub   rsa2048/0x5C88F5D83E2554DF 2013-01-23 [E] [expires: 2023-01-21]
sub   rsa4096/0x8E78E44DFB1B55E9 2014-03-26 [S] [expires: 2020-09-03]
sub   rsa4096/0xCC73B287A4388025 2014-03-26 [E] [expires: 2020-09-03]
sub   rsa4096/0x382D23D4C9773A5C 2014-11-22 [A] [revoked: 2016-03-01]
sub   rsa4096/0xFF37A70EDCBB4926 2016-02-24 [A] [expires: 2020-02-23]
pub   rsa1024/0x7F60B22EA4FF2279 2014-06-16 [SCEA] [revoked: 2016-08-16]

Passing -v or -vv adds even more information. In that case, I prefer printing the packet details (see below).

Machine-readable output

GnuPG also has a colon-separated output format that is easy to parse and has a stable format. The format is documented in GnuPG's doc/DETAILS file. The option to receive this format is --with-colons.

$ gpg --with-colons a4ff2279.asc
gpg: WARNING: no command supplied.  Trying to guess what you mean ...
pub:-:8192:1:4E1F799AA4FF2279:1356475387:::-:
uid:::::::::Jens Erat (born 1988-01-19 in Stuttgart, Germany):
uid:::::::::Jens Erat <jens.erat@fsfe.org>:
uid:::::::::Jens Erat <jens.erat@uni-konstanz.de>:
uid:::::::::Jens Erat <jabber@jenserat.de>:
uid:::::::::Jens Erat <email@jenserat.de>:
uat:::::::::1 12921:
sub:-:4096:1:0F3ED8E6759A536E:1356517233:1482747633:::
sub:-:4096:1:2D6761A7CC85941A:1356517456:1482747856:::
sub:-:2048:1:9FF7E53ACB4BD3EE:1358985314:1674345314:::
sub:-:2048:1:5C88F5D83E2554DF:1358985467:1674345467:::
sub:-:4096:1:8E78E44DFB1B55E9:1395870592:1599164118:::
sub:-:4096:1:CC73B287A4388025:1395870720:1599164118:::
sub:-:4096:1:382D23D4C9773A5C:1416680427:1479752427:::
sub:-:4096:1:FF37A70EDCBB4926:1456322829:1582466829:::

Since GnuPG 2.1.23, the warning gpg: WARNING: no command supplied. Trying to guess what you mean ... can be omitted by using the --import-options show-only option together with the --import command (of course, this also works without --with-colons):

$ gpg --with-colons --import-options show-only --import a4ff2279
[snip]

For older versions: the warning message is printed on STDERR, so you can split the key information from the warning by simply only reading STDIN.

Technical details: listing OpenPGP packets

Without installing any additional packages, you can use gpg --list-packets [file] to view information on the OpenPGP packets contained in the file.

$ gpg --list-packets a4ff2279.asc
:public key packet:
    version 4, algo 1, created 1356475387, expires 0
    pkey[0]: [8192 bits]
    pkey[1]: [17 bits]
    keyid: 4E1F799AA4FF2279
:user ID packet: "Jens Erat (born 1988-01-19 in Stuttgart, Germany)"
:signature packet: algo 1, keyid 4E1F799AA4FF2279
    version 4, created 1356516623, md5len 0, sigclass 0x13
    digest algo 2, begin of digest 18 46
    hashed subpkt 27 len 1 (key flags: 03)
[snip]

The pgpdump [file] tool is similar to gpg --list-packets and provides comparable output, but resolves all those algorithm identifiers into readable representations. It is available for all relevant distributions (on Debian derivatives, the package is called pgpdump like the tool itself).

$ pgpdump a4ff2279.asc
Old: Public Key Packet(tag 6)(1037 bytes)
    Ver 4 - new
    Public key creation time - Tue Dec 25 23:43:07 CET 2012
    Pub alg - RSA Encrypt or Sign(pub 1)
    RSA n(8192 bits) - ...
    RSA e(17 bits) - ...
Old: User ID Packet(tag 13)(49 bytes)
    User ID - Jens Erat (born 1988-01-19 in Stuttgart, Germany)
Old: Signature Packet(tag 2)(1083 bytes)
    Ver 4 - new
    Sig type - Positive certification of a User ID and Public Key packet(0x13).
    Pub alg - RSA Encrypt or Sign(pub 1)
    Hash alg - SHA1(hash 2)
    Hashed Sub: key flags(sub 27)(1 bytes)
[snip]

  • An alternative to `--import-options show-only --import` is `--show-keys`, which seems to have been added around early 2019 [edit: the ~2.2.12-13 area, without digging through the changelog]. (Also mentioned in [@Pawel's answer](/sf/answers/3993745451/)) (8 upvotes)
  • Thanks. I just used `gpg --list-keys path-to-key-file` and got what I wanted to see: ... hashed subpkt 2 len 4 (sig created 2013-02-24) hashed subpkt 9 len 4 (key expires after 4y134d23h24m) ... and pgpdump makes the output more readable. (2 upvotes)
  • How do I get rid of this ugly "WARNING: no command supplied" on stderr? (It hinders the correct use of `gpg` in scripts. When it comes to cryptography, the only safe way is to treat any output to stderr as a fatal error. Only then are you prepared when a new important weakness is discovered that is only printed to stderr.) (2 upvotes)
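The colon-separated records above are the ones a script should consume: the field positions are fixed by GnuPG's doc/DETAILS (field 1 record type, 3 key length, 4 algorithm id, 5 key ID, 6 creation epoch, 7 expiry epoch), while the human-readable listing changes between versions. The following POSIX shell script is an added example, not part of Jens Erat's answer: it parses a constructed sample of --with-colons output with awk, flags expired subkeys against a caller-supplied timestamp, and wraps gpg so that only stdout is read and the warning on stderr never mixes into the parsed data. The function names, the sample and the demo timestamp are mine; the wrapper assumes GnuPG 2.1.23 or later for --import-options show-only.

```shell
#!/bin/sh
# Added example (not from the answer): parse GnuPG's --with-colons output
# for a key file without importing it. Field layout per GnuPG doc/DETAILS:
#   $1 = record type (pub/sub/uid/uat/...), $3 = key length, $4 = algo id,
#   $5 = key ID, $6 = creation epoch, $7 = expiry epoch (empty = never)

# Constructed sample: a trimmed copy of the record shapes shown above.
SAMPLE_COLONS='pub:-:8192:1:4E1F799AA4FF2279:1356475387:::-:
uid:::::::::Jens Erat <jens.erat@fsfe.org>:
sub:-:4096:1:0F3ED8E6759A536E:1356517233:1482747633:::
sub:-:2048:1:9FF7E53ACB4BD3EE:1358985314:1674345314:::'

# Read colon records on stdin; emit "type keyid bits algo status" for each
# pub/sub record, comparing the expiry epoch against $1 (Unix seconds).
summarize_keys() {
    now="$1"
    awk -F: -v now="$now" '
        $1 == "pub" || $1 == "sub" {
            status = "never-expires"
            if ($7 != "") status = ($7 < now) ? "expired" : "valid"
            print $1, $5, $3, $4, status
        }'
}

# Count pub/sub records on stdin that are already expired at time $1.
count_expired() {
    summarize_keys "$1" | awk '$5 == "expired" { n++ } END { print n + 0 }'
}

# Wrapper for a real key file: keep the machine-readable records (stdout)
# and drop gpg's "no command supplied" style chatter, which goes to stderr.
# Assumes GnuPG >= 2.1.23 for --import-options show-only.
key_records() {
    gpg --with-colons --import-options show-only --import "$1" 2>/dev/null
}

# Demo on the constructed sample, evaluated at 2020-01-01T00:00:00Z.
printf '%s\n' "$SAMPLE_COLONS" | summarize_keys 1577836800
```

For a real file, chain the two: `key_records somekey.asc | summarize_keys "$(date +%s)"`. Because the wrapper discards stderr, make the script check gpg's exit status separately rather than relying on the absence of stderr output.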

The*_*bot 28

I seem to be able to get by simply with:

$ gpg <path_to_file>

Which outputs something like this:

$ gpg /tmp/keys/something.asc 
  pub  1024D/560C6C26 2014-11-26 Something <something@none.org>
  sub  2048g/0C1ACCA6 2014-11-26

The OP didn't specify which key information is relevant. This output is what I care about.


Ron*_*son 26

To verify and list the fingerprint of the key (without importing it into the keyring first), type

gpg --with-fingerprint <filename>

  • This should be the accepted answer imo. I agree with @Skyr's [comment posted as an answer](/sf/answers/1550325451/). (4 upvotes)
  • Confirmed, this is very nice and needs no local personal key etc. Does show the key name ... works best. (2 upvotes)

Sky*_*kyr 7

The --list-packets option parses the pgp data in the file and outputs its structure - although this is a rather technical approach. When parsing a public key, you can easily extract the signed user IDs and key IDs.

Note that this command parses the data format; it does not verify signatures or anything similar.


小智 6

You can also use the --keyid-format switch to display short or long key IDs:

$ gpg2 -n --with-fingerprint --keyid-format=short --show-keys <filename>

The output looks like this (example from the PostgreSQL CentOS repository key):

pub   dsa1024/442DF0F8 2008-01-08 [SCA]
      Key fingerprint = 68C9 E2B9 1A37 D136 FE74  D176 1F16 D2E1 442D F0F8
uid                    PostgreSQL RPM Building Project <pgsqlrpms-hackers@pgfoundry.org>
sub   elg2048/D43F1AF8 2008-01-08 [E]


pts*_*pts 5

To get the key ID (8 bytes, 16 hex digits), this is the command that worked for me on GPG 1.4.16, 2.1.18 and 2.2.19:

gpg --list-packets <key.asc | awk '$1=="keyid:"{print$2}'

To get more information (in addition to the key ID):

gpg --list-packets <key.asc

To get even more information:

gpg --list-packets -vvv --debug 0x2 <key.asc

The command

gpg --dry-run --import <key.asc

also works on all 3 versions, but on GPG 1.4.16 it only prints a short (4-byte, 8-hex-digit) key ID, so it is less secure for identifying the key.

Some commands in other answers (e.g. gpg --show-keys, gpg --with-fingerprint, gpg --import --import-options show-only) do not work in some of the 3 GPG versions above, so they are not portable when targeting multiple versions of GPG.
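The --list-packets listing shown in the first answer and the awk one-liner in this answer both leave the RFC 4880 algorithm numbers unresolved (algo 1, digest algo 2), which is what pgpdump adds. The script below is an added example, not code from any of the answers: it reads a constructed --list-packets sample on stdin, prints one readable line per public-key and signature packet with the public-key and hash algorithm names looked up from RFC 4880 section 9, and counts certification signatures that still use MD5 or SHA-1, which is a useful check when vetting a repository key. The sample, the function names and the second (SHA-256) signature are mine; the field positions assume the line shapes shown in the answers above.

```shell
#!/bin/sh
# Added example (not from the answers): resolve the algorithm ids in
# gpg --list-packets output to names, pgpdump-style, and flag weak hashes.

# Constructed sample, shaped like the --list-packets output shown above
# (first signature copied from the answer, second one added as SHA-256).
SAMPLE_PACKETS=':public key packet:
    version 4, algo 1, created 1356475387, expires 0
    pkey[0]: [8192 bits]
    pkey[1]: [17 bits]
    keyid: 4E1F799AA4FF2279
:user ID packet: "Jens Erat (born 1988-01-19 in Stuttgart, Germany)"
:signature packet: algo 1, keyid 4E1F799AA4FF2279
    version 4, created 1356516623, md5len 0, sigclass 0x13
    digest algo 2, begin of digest 18 46
    hashed subpkt 27 len 1 (key flags: 03)
:signature packet: algo 1, keyid 4E1F799AA4FF2279
    version 4, created 1456322829, md5len 0, sigclass 0x13
    digest algo 8, begin of digest aa bb'

# Read --list-packets text on stdin; emit
#   pubkey <keyid> <pk-alg> created=<epoch>
#   sig    <keyid> <pk-alg> class=<sigclass> hash=<hash-alg>
# Algorithm tables are the RFC 4880 section 9 registry values.
annotate_packets() {
    awk '
        BEGIN {
            pk[1] = "RSA"; pk[2] = "RSA-encrypt-only"; pk[3] = "RSA-sign-only"
            pk[16] = "Elgamal"; pk[17] = "DSA"; pk[18] = "ECDH"
            pk[19] = "ECDSA"; pk[22] = "EdDSA"
            h[1] = "MD5"; h[2] = "SHA1"; h[8] = "SHA256"; h[9] = "SHA384"
            h[10] = "SHA512"; h[11] = "SHA224"
        }
        # Drop commas so "algo 1," splits into clean fields.
        { gsub(/,/, "") }
        $1 == ":public" && $2 == "key" { ptype = "pubkey" }
        $1 == ":signature" { ptype = "sig"; sigkey = $6; sigalg = pk[$4] }
        ptype == "pubkey" && $1 == "version" { kalg = pk[$4]; kcreated = $6 }
        ptype == "pubkey" && $1 == "keyid:" {
            print "pubkey", $2, kalg, "created=" kcreated; ptype = ""
        }
        ptype == "sig" && $1 == "version" { sigclass = $8 }
        ptype == "sig" && $1 == "digest" {
            print "sig", sigkey, sigalg, "class=" sigclass, "hash=" h[$3]; ptype = ""
        }
    '
}

# Count signatures on stdin whose digest is MD5 or SHA-1.
weak_hash_sigs() {
    annotate_packets |
        awk '$1 == "sig" && ($5 == "hash=MD5" || $5 == "hash=SHA1") { n++ } END { print n + 0 }'
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_PACKETS" | annotate_packets
```

On a real file run `gpg --list-packets <key.asc | annotate_packets`; as Skyr's answer notes, this only parses the packet structure, so a listed signature is not a verified one.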