How can I display actual public/private key of key pair I just generated with gpg?

3

9

I just created a key-pair locally on my linux machine with the gpg command:

gpg --gen-key 

Then I tried to display the information about my key-pair with the gpg command:

 gpg --list-keys

The long alpha-numeric number output by the above command is (from what I understand from reading the doc), the fingerprint of the public key of the pair, which is the result of applying a hash function on the public key.

  1. Is this correct?

  2. How can I see the actual public and private keys of the pair I generated? I know this isn't directly useful for encrypting or signing, I'm just curious to see what they look like

Thanks

Astomatous answered 10/12, 2020 at 21:50 Comment(0)
A
8

To see the actual keys, use the "export" commands (--export and --export-secret-keys). You can specify which key to output by passing it the fingerprint of the key you want to see.

Let's say you have a key with the fingerprint FINGERPRINT. Then you would export the public key to stdout via

gpg --export FINGERPRINT

At least in my version and configuration of bash, this does not produce readable output because of encoding (I guess). To get a more readable output, you may export the key to a file via the output option. As stated in the manual (man gpg), the command syntax is as follows:

gpg [--homedir dir] [--options file] [options] command [args]

So if you want to export to, let's say, your home directory into a file MyPubKey.txt, you can use this command:

gpg --output ~/MyPubKey.txt --export FINGERPRINT

The same is valid for your private key; you just have to use --export-secret-key instead of --export. But keep in mind that this poses a possible security risk. If you export your private key to an insecure (non-encrypted, accessible) storage device (a thumb stick for instance), your private key may well be retrievable, even if you have deleted it!

Apriorism answered 17/11, 2023 at 7:41 Comment(2)
I get wonky encoding no matter if I use --output or let it print to stdout... Win10, GnuPG 2.4.5 (bundled w/ Git for Windows). Hmmm... - Throw
I realized the problem with unprintable keys. TL;DR you need to supply the --armor / -a switch to enable ASCII-armored output. Otherwise, gpg defaults to its binary PGP format. - Throw
T
3
  1. As already stated, yes you are correct.
  2. Read on:

Viewing the actual keys in the pair

  • not just the keys list (gpg -k / gpg -K)
  • maybe you want to copy/paste the public key somewhere, like GitHub, or your friend's inbox~
  • since you already know how to get your keypair's fingerprint, I'll skip over that process and assume that our fingerprint is C9621D5191424BDE21A01F3F2DEF041012B48E97

# output public key to terminal
gpg --armor --export C9621D5191424BDE21A01F3F2DEF041012B48E97
# .. or private key (may prompt you to unlock)
gpg --armor --export-secret-key C9621D5191424BDE21A01F3F2DEF041012B48E97

  • The --armor / -a switch produces a printable key (ASCII) instead of the default binary PGP format.
  • This makes the output play nice with terminals as well as your clipboard.
  • Tip: You can leverage the --output file / -o file switch mentioned by others if you don't know how to pipe the output into your clipboard. (Open in a text editor to select + copy text.)
  • On Win10, you can pipe stdout to the OS clipboard with gpg [...] | clip. Other OSes are similarly easy but I won't enumerate all of them here.
Throw answered 3/7 at 17:27 Comment(0)
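
What the fingerprint and the --armor switch discussed above amount to, as an added example that is not part of any answer on this page: a Python sketch of the RFC 4880 ASCII-armor encoding and the version 4 fingerprint (SHA-1 over the public-key packet). The key bytes are constructed sample data, not a real key, the function names are illustrative, and it assumes a v4 key and an armor block that carries the CRC-24 line.

```python
import base64
import hashlib
import struct

def crc24(data: bytes) -> int:
    """CRC-24 from RFC 4880 section 6.1, the '=XXXX' line of an armored block."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor(binary: bytes, kind: str = "PGP PUBLIC KEY BLOCK") -> str:
    """Encode binary OpenPGP data the way --armor does: base64 plus checksum."""
    b64 = base64.b64encode(binary).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    check = base64.b64encode(crc24(binary).to_bytes(3, "big")).decode()
    return f"-----BEGIN {kind}-----\n\n{body}\n={check}\n-----END {kind}-----\n"

def dearmor(text: str) -> bytes:
    """Recover the binary form and reject a block whose checksum is wrong."""
    lines = [line.strip() for line in text.strip().splitlines()]
    payload = lines[lines.index("") + 1:-1]  # skip BEGIN/headers and END
    check = payload.pop()                    # last line is '=' + base64(CRC)
    data = base64.b64decode("".join(payload))
    if base64.b64decode(check[1:]) != crc24(data).to_bytes(3, "big"):
        raise ValueError("armor checksum mismatch")
    return data

def v4_fingerprint(key_body: bytes) -> str:
    """v4 fingerprint: SHA-1 over 0x99, a 2-byte length and the key packet body."""
    packet = b"\x99" + struct.pack(">H", len(key_body)) + key_body
    return hashlib.sha1(packet).hexdigest().upper()

# Constructed sample, NOT a real key: version 4, creation time, algorithm id 1,
# then 32 filler bytes standing in for the key material.
SAMPLE_BODY = bytes([4]) + struct.pack(">I", 1607637000) + bytes([1]) + bytes(range(32))
SAMPLE_PACKET = b"\x99" + struct.pack(">H", len(SAMPLE_BODY)) + SAMPLE_BODY

if __name__ == "__main__":
    print(repr(SAMPLE_PACKET[:12]))      # raw bytes: unprintable in a terminal
    print(armor(SAMPLE_PACKET))          # same data, printable
    print(v4_fingerprint(SAMPLE_BODY))   # 40 hex digits, as in --list-keys
```

The armored and binary forms carry identical data, so dearmor(armor(x)) returns x unchanged; only the binary form contains bytes a terminal cannot display.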
F
2

About your questions:

  1. Yes, that is correct;
  2. You can use gpg --list-keys or gpg -k to list all your keys. Also, you can use gpg --list-secret-keys (pub means public keys, while sec means secret [private] keys).
Frons answered 31/12, 2020 at 1:42 Comment(0)
