Get fingerprints of OpenPGP keys

Asked 22/10, 2017 at 22:5 Answered 16/3, 2022 at 16:49

I'm trying to get the fingerprints from the public OpenPGP keys of ActiveMQ. They are published at http://www.apache.org/dist/activemq/KEYS.

Unfortunately, not all the keys have fingerprints listed next to them. Do you have any idea how to proceed?

Sly answered 22/10, 2017 at 22:5 Comment(1)

See also an answer on unix.stackexchange GnuPG command to show key info from file cat pubkey | gpg --import-options show-only --import – Bullyboy 6/5, 2020 at 9:58

I used this command (tested with gpg 2.2.12):

 gpg --show-keys file.pub

For old versions, see the answer from Jens Erat. With newer versions gpg --with-fingerprint does not work and returns:

gpg: WARNING: no command supplied.  Trying to guess what you mean ...

Rink answered 27/8, 2021 at 14:43 Comment(0)

The fingerprint is derived from the public key and creation timestamp -- both are contained in the public keys listed on the site.There are several ways of inspecting keys without importing them, which also makes sure you print the information of the very specific key you are considering right now. --with-fingerprint makes GnuPG always output the fingerprint when listing keys. One way to get the fingerprint would be:

$ gpg --with-fingerprint <<EOT
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.1 (Darwin)

mQGiBEPspSsRBADdguKAxMQbA32vTQrCyONR6Zs/YGdvau2Zrr3SSSSR0Ge4FMjZ
4tzwpf6+32m4Bsf7YIwdLl0H5hI1CgT5gDl9kXvfaFUehFnwR+FDyiBRiyHjUpGF
4dgkQfWy9diYeWGtsvszsvWHXtED4SXb322StX4MfJj+YesA1iEdTiXK6wCg1QDa
RucfjC+kx4zPsJwkJOgYpyMEAMTiXtNwQcke6nIFb/lb5374NjwwVAuuMTrRWLyq
5HodugEIHaw3EitQWtnFfXNkXTJZzS6t2HAGv29UTfhiBzKdkydgCkOk2MLWISOV
fqcg0tNIp5ZJCmUHg3s+OFNSH4oUi65u+FyDseUid3OKtPI+ZhIk8N+DjOIg2Kvo
/UALA/9q+WfBd7re+W3iUtU7TutUcwbKsjP+jpaJeUHg2ChOBxVfQKt4YlPHVdrR
iCrfNi90Z8qbsZ0iAXuqexrfMq20pAPmpHRpe54mmP1CMT5m+Gq71eKIfkUrb3LC
/zv08dLG2vm9oghd242wbcifaX+t7AhNAIpe/WTvQsB0gpdO4LQmSGlyYW0gQ2hp
cmlubyA8aGlyYW1AaGlyYW1jaGlyaW5vLmNvbT6IWwQTEQIAGwUCQ+ylKwYLCQgH
AwIDFQIDAxYCAQIeAQIXgAAKCRCf8lmA9bp+T/G/AKDM1QDs7il/CJhTycgDvE3c
EOgUBwCfelsVK4sgBCooZptoaCCDgVtt71G5AQ0EQ+ylLhAEAJD25AWgwcNgBFKY
svExQaGIojIGJyn4Cf/5U30cui/K7fIU7JtyNhKcfZdCrh2hKx+x3H/dTF6e0SrR
hzKV7Dx0j76yhHHB1Ak25kjRxoU4Jk+CG0m+bRNTF9xz9k1ALSm3Y+A5RqNU10K6
e/5KsPuXMGSGoQgJ1H6g/i80Wf8PAAMFA/9mIxu7lMaqE1OE7EeAsHgLslNbi0h9
pjDUVNv8bc1Os2gBPaJD8B89EeheTHw6NMNIe75HVOpKk4UA0gvOBrxJqCr18yFJ
BM5sIlaEmuJwZOW4dDGOR1oS5qgE9NzpmyKhE+fu/S1wmy0coL667+1xZcnrPbUF
D4i7/aD1r8qJhohGBBgRAgAGBQJD7KUuAAoJEJ/yWYD1un5Pth0An0QEUs5cxpl8
zL5kZCj7c8MN8YZDAKDR9LTb6woveul50+uGtUl2fIH1uA==
=RBPl
-----END PGP PUBLIC KEY BLOCK-----
EOT
gpg: WARNING: no command supplied.  Trying to guess what you mean ...
pub   dsa1024/0x9FF25980F5BA7E4F 2006-02-10 [SCA]
      Key fingerprint = E5B8 247A F8A6 19A2 8F90  FDFC 9FF2 5980 F5BA 7E4F
uid                             Hiram Chirino <[email protected]>
sub   elg1024/0x10314D676733C080 2006-02-10 [E]

You can also provide the full page, then GnuPG will print all fingerprints, readily grepable.

Note, that this works only on old GnuPG, version 2.0.x. For newer versions, see the other answers describing the --show-keys option, which is not available in this version.

Bisson answered 24/10, 2017 at 17:29 Comment(6)

Also using man gpg would provide all of the information relating to --with-fingerprint and other options too - i don't think it's patronising to show people how to find this for themselves... – Christophany 24/10, 2017 at 17:39

Now, gpg2 --list-keys already shows the fingerprints same as gpg2 --fingerprint – Brawl 21/1, 2020 at 18:48

Not sure is it still valid case, but --with-fingerprint does not expose the fingerprint for me. Nor gpg, nor gpg2. The only way to see the fingerprint is by gpg2 --list-keys --keyid-format LONG, but this means that keys should be already added to the ring. – Endres 26/6, 2021 at 13:5

This does not seem to work any more (gpg 2.2.12). For me it prints gpg: WARNING: no command supplied. Trying to guess what you mean ... Instead I used gpg --show-keys file.pub – Pushup 5/8, 2021 at 16:40

@Rink I agree - Would you add that as an answer? – Nananne 8/8, 2021 at 0:18

This works only with very old gnupg, for example 2.0.22 on RHEL7, where this answer is still valuable. – Harold 11/10, 2022 at 7:5

gpg --show-keys --fingerprint <<EOT
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.1 (Darwin)

mQGiBEPspSsRBADdguKAxMQbA32vTQrCyONR6Zs/YGdvau2Zrr3SSSSR0Ge4FMjZ
4tzwpf6+32m4Bsf7YIwdLl0H5hI1CgT5gDl9kXvfaFUehFnwR+FDyiBRiyHjUpGF
4dgkQfWy9diYeWGtsvszsvWHXtED4SXb322StX4MfJj+YesA1iEdTiXK6wCg1QDa
RucfjC+kx4zPsJwkJOgYpyMEAMTiXtNwQcke6nIFb/lb5374NjwwVAuuMTrRWLyq
5HodugEIHaw3EitQWtnFfXNkXTJZzS6t2HAGv29UTfhiBzKdkydgCkOk2MLWISOV
fqcg0tNIp5ZJCmUHg3s+OFNSH4oUi65u+FyDseUid3OKtPI+ZhIk8N+DjOIg2Kvo
/UALA/9q+WfBd7re+W3iUtU7TutUcwbKsjP+jpaJeUHg2ChOBxVfQKt4YlPHVdrR
iCrfNi90Z8qbsZ0iAXuqexrfMq20pAPmpHRpe54mmP1CMT5m+Gq71eKIfkUrb3LC
/zv08dLG2vm9oghd242wbcifaX+t7AhNAIpe/WTvQsB0gpdO4LQmSGlyYW0gQ2hp
cmlubyA8aGlyYW1AaGlyYW1jaGlyaW5vLmNvbT6IWwQTEQIAGwUCQ+ylKwYLCQgH
AwIDFQIDAxYCAQIeAQIXgAAKCRCf8lmA9bp+T/G/AKDM1QDs7il/CJhTycgDvE3c
EOgUBwCfelsVK4sgBCooZptoaCCDgVtt71G5AQ0EQ+ylLhAEAJD25AWgwcNgBFKY
svExQaGIojIGJyn4Cf/5U30cui/K7fIU7JtyNhKcfZdCrh2hKx+x3H/dTF6e0SrR
hzKV7Dx0j76yhHHB1Ak25kjRxoU4Jk+CG0m+bRNTF9xz9k1ALSm3Y+A5RqNU10K6
e/5KsPuXMGSGoQgJ1H6g/i80Wf8PAAMFA/9mIxu7lMaqE1OE7EeAsHgLslNbi0h9
pjDUVNv8bc1Os2gBPaJD8B89EeheTHw6NMNIe75HVOpKk4UA0gvOBrxJqCr18yFJ
BM5sIlaEmuJwZOW4dDGOR1oS5qgE9NzpmyKhE+fu/S1wmy0coL667+1xZcnrPbUF
D4i7/aD1r8qJhohGBBgRAgAGBQJD7KUuAAoJEJ/yWYD1un5Pth0An0QEUs5cxpl8
zL5kZCj7c8MN8YZDAKDR9LTb6woveul50+uGtUl2fIH1uA==
=RBPl
-----END PGP PUBLIC KEY BLOCK-----
EOT
pub   dsa1024 2006-02-10 [SCA]
      E5B8 247A F8A6 19A2 8F90  FDFC 9FF2 5980 F5BA 7E4F
uid                      Hiram Chirino <[email protected]>
sub   elg1024 2006-02-10 [E]

From GPG manual -

       --show-keys
              This  commands  takes OpenPGP keys as input and prints information about them
              in the same way the command --list-keys does for locally stored key.  In  ad‐
              dition the list options show-unusable-uids, show-unusable-subkeys, show-nota‐
              tions and show-policy-urls are also enabled.  As usual for automated process‐
              ing, this command should be combined with the option --with-colons.

       --fingerprint
              List  all keys (or the specified ones) along with their fingerprints. This is
              the same output as --list-keys but with the additional output of a line  with
              the  fingerprint. May also be combined with --check-signatures.  If this com‐
              mand is given twice, the fingerprints of all secondary keys are  listed  too.
              This  command also forces pretty printing of fingerprints if the keyid format
              has been set to "none".

       --with-fingerprint
              Same  as  the command --fingerprint but changes only the format of the output
              and may be used together with another command.

My GnuPG version is 2.2.20

References -

https://unix.stackexchange.com/a/694646/356166

Sev answered 16/3, 2022 at 16:49 Comment(0)

Recommended topics

Hot tags