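I have a copy of the postgresql apt repository gpg key and would like to view the details of the gpg key as it comes in the file. Is this possible without importing it into a key ring?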
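There are several detail levels you can get when looking at OpenPGP key data: a basic summary, a machine-readable output of this summary, or a detailed (and very technical) list of the individual OpenPGP packets.
For a quick peek at an OpenPGP key file, you can simply pass the filename as a parameter, or pipe in the key data through STDIN. If no command is passed, GnuPG tries to guess what you want to do, and for key data, this is printing a summary of the key: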
```
$ gpg a4ff2279.asc
gpg: WARNING: no command supplied. Trying to guess what you mean ...
pub   rsa8192 2012-12-25 [SC]
      0D69E11F12BDBA077B3726AB4E1F799AA4FF2279
uid           Jens Erat (born 1988-01-19 in Stuttgart, Germany)
uid           Jens Erat <jens.erat@fsfe.org>
uid           Jens Erat <jens.erat@uni-konstanz.de>
uid           Jens Erat <jabber@jenserat.de>
uid           Jens Erat <email@jenserat.de>
uid           [jpeg image of size 12899]
sub   rsa4096 2012-12-26 [E] [revoked: 2014-03-26]
sub   rsa4096 2012-12-26 [S] [revoked: 2014-03-26]
sub   rsa2048 2013-01-23 [S] [expires: 2023-01-21]
sub   rsa2048 2013-01-23 [E] [expires: 2023-01-21]
sub   rsa4096 2014-03-26 [S] [expires: 2020-09-03]
sub   rsa4096 2014-03-26 [E] [expires: 2020-09-03]
sub   rsa4096 2014-11-22 [A] [revoked: 2016-03-01]
sub   rsa4096 2016-02-24 [A] [expires: 2020-02-23]
```
By setting `--keyid-format 0xlong`, long key IDs are printed instead of the insecure short key IDs:
```
$ gpg a4ff2279.asc
gpg: WARNING: no command supplied. Trying to guess what you mean ...
pub   rsa8192/0x4E1F799AA4FF2279 2012-12-25 [SC]
      0D69E11F12BDBA077B3726AB4E1F799AA4FF2279
uid                             Jens Erat (born 1988-01-19 in Stuttgart, Germany)
uid                             Jens Erat <jens.erat@fsfe.org>
uid                             Jens Erat <jens.erat@uni-konstanz.de>
uid                             Jens Erat <jabber@jenserat.de>
uid                             Jens Erat <email@jenserat.de>
uid                             [jpeg image of size 12899]
sub   rsa4096/0x0F3ED8E6759A536E 2012-12-26 [E] [revoked: 2014-03-26]
sub   rsa4096/0x2D6761A7CC85941A 2012-12-26 [S] [revoked: 2014-03-26]
sub   rsa2048/0x9FF7E53ACB4BD3EE 2013-01-23 [S] [expires: 2023-01-21]
sub   rsa2048/0x5C88F5D83E2554DF 2013-01-23 [E] [expires: 2023-01-21]
sub   rsa4096/0x8E78E44DFB1B55E9 2014-03-26 [S] [expires: 2020-09-03]
sub   rsa4096/0xCC73B287A4388025 2014-03-26 [E] [expires: 2020-09-03]
sub   rsa4096/0x382D23D4C9773A5C 2014-11-22 [A] [revoked: 2016-03-01]
sub   rsa4096/0xFF37A70EDCBB4926 2016-02-24 [A] [expires: 2020-02-23]
pub   rsa1024/0x7F60B22EA4FF2279 2014-06-16 [SCEA] [revoked: 2016-08-16]
```
Providing `-v` or `-vv` even adds some more information. I prefer printing the package details in this case, though (see below).
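GnuPG also has a colon-separated output format, which is easy to parse and has a stable format. The format is documented in GnuPG's `doc/DETAILS` file. The option to receive this format is `--with-colons`.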
```
$ gpg --with-colons a4ff2279.asc
gpg: WARNING: no command supplied. Trying to guess what you mean ...
pub:-:8192:1:4E1F799AA4FF2279:1356475387:::-:
uid:::::::::Jens Erat (born 1988-01-19 in Stuttgart, Germany):
uid:::::::::Jens Erat <jens.erat@fsfe.org>:
uid:::::::::Jens Erat <jens.erat@uni-konstanz.de>:
uid:::::::::Jens Erat <jabber@jenserat.de>:
uid:::::::::Jens Erat <email@jenserat.de>:
uat:::::::::1 12921:
sub:-:4096:1:0F3ED8E6759A536E:1356517233:1482747633:::
sub:-:4096:1:2D6761A7CC85941A:1356517456:1482747856:::
sub:-:2048:1:9FF7E53ACB4BD3EE:1358985314:1674345314:::
sub:-:2048:1:5C88F5D83E2554DF:1358985467:1674345467:::
sub:-:4096:1:8E78E44DFB1B55E9:1395870592:1599164118:::
sub:-:4096:1:CC73B287A4388025:1395870720:1599164118:::
sub:-:4096:1:382D23D4C9773A5C:1416680427:1479752427:::
sub:-:4096:1:FF37A70EDCBB4926:1456322829:1582466829:::
```
Since GnuPG 2.1.23, the `gpg: WARNING: no command supplied. Trying to guess what you mean ...` warning can be omitted by using the `--import-options show-only` option together with the `--import` command (this also works without `--with-colons`, of course):
```
$ gpg --with-colons --import-options show-only --import a4ff2279
[snip]
```
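For older versions: the warning message is printed on STDERR, so you could just read STDIN to separate the key information from the warning.
Without installing any further packages, you can use `gpg --list-packets [file]` to view information on the OpenPGP packets contained in the file.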
```
$ gpg --list-packets a4ff2279.asc
:public key packet:
    version 4, algo 1, created 1356475387, expires 0
    pkey[0]: [8192 bits]
    pkey[1]: [17 bits]
    keyid: 4E1F799AA4FF2279
:user ID packet: "Jens Erat (born 1988-01-19 in Stuttgart, Germany)"
:signature packet: algo 1, keyid 4E1F799AA4FF2279
    version 4, created 1356516623, md5len 0, sigclass 0x13
    digest algo 2, begin of digest 18 46
    hashed subpkt 27 len 1 (key flags: 03)
[snip]
```
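The `pgpdump [file]` tool works similarly to `gpg --list-packets` and provides a similar output, but resolves all those algorithm identifiers to readable representations. It is probably available for all relevant distributions (on Debian derivatives, the package is called `pgpdump` like the tool itself).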
```
$ pgpdump a4ff2279.asc
Old: Public Key Packet(tag 6)(1037 bytes)
    Ver 4 - new
    Public key creation time - Tue Dec 25 23:43:07 CET 2012
    Pub alg - RSA Encrypt or Sign(pub 1)
    RSA n(8192 bits) - ...
    RSA e(17 bits) - ...
Old: User ID Packet(tag 13)(49 bytes)
    User ID - Jens Erat (born 1988-01-19 in Stuttgart, Germany)
Old: Signature Packet(tag 2)(1083 bytes)
    Ver 4 - new
    Sig type - Positive certification of a User ID and Public Key packet(0x13).
    Pub alg - RSA Encrypt or Sign(pub 1)
    Hash alg - SHA1(hash 2)
    Hashed Sub: key flags(sub 27)(1 bytes)
[snip]
```
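The colon-separated format described in the answer lends itself to scripted checks before a repository key is trusted. As an added example (not part of the original answer), this Python code parses `pub`, `sub` and `uid` records following the field layout in `doc/DETAILS` and reports keys that have expired; the function names are hypothetical and the sample lines are copied from the `--with-colons` output above.

```python
import re
from datetime import datetime, timezone

# Sample input: a subset of the --with-colons output shown in the answer above.
SAMPLE = """\
pub:-:8192:1:4E1F799AA4FF2279:1356475387:::-:
uid:::::::::Jens Erat <jens.erat@fsfe.org>:
sub:-:4096:1:0F3ED8E6759A536E:1356517233:1482747633:::
sub:-:2048:1:9FF7E53ACB4BD3EE:1358985314:1674345314:::
"""

# OpenPGP public-key algorithm numbers (field 4).
ALGOS = {"1": "RSA", "16": "Elgamal", "17": "DSA",
         "18": "ECDH", "19": "ECDSA", "22": "EdDSA"}

def _ts(field):
    """Fields 6/7: epoch seconds or ISO 'YYYYMMDDTHHMMSS'; empty means none."""
    if not field:
        return None
    if "T" in field:
        return datetime.strptime(field, "%Y%m%dT%H%M%S").replace(tzinfo=timezone.utc)
    return datetime.fromtimestamp(int(field), timezone.utc)

def _unescape(s):
    """User IDs escape special characters C-style, e.g. \\x3a for a colon."""
    return re.sub(r"\\x([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), s)

def parse_colons(text):
    """Return one dict per pub/sub record; uids attach to the preceding pub."""
    keys, primary = [], None
    for line in text.splitlines():
        f = line.split(":")
        if f[0] in ("pub", "sub") and len(f) >= 7:
            key = {"type": f[0], "bits": int(f[2] or 0), "algo": ALGOS.get(f[3], f[3]),
                   "keyid": f[4], "created": _ts(f[5]), "expires": _ts(f[6]),
                   "uids": []}
            keys.append(key)
            if f[0] == "pub":
                primary = key
        elif f[0] == "uid" and len(f) >= 10 and primary is not None:
            primary["uids"].append(_unescape(f[9]))
    return keys

def expired_keys(keys, now):
    """Key IDs whose expiration time is set and not later than `now`."""
    return [k["keyid"] for k in keys if k["expires"] and k["expires"] <= now]

if __name__ == "__main__":
    for k in parse_colons(SAMPLE):
        print(k["type"], k["keyid"], k["algo"], k["bits"], k["expires"])
```

In practice the input text would be the standard output of `gpg --with-colons --import-options show-only --import [file]`, which leaves the keyring untouched.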