help understanding gpg --list--keys output
Solution 1
what is my actual key in this block of text?
It's not shown. Since this is, as you (correctly) said, an RSA 2048-bit key, your actual public key (which is what --list-keys
shows) in hex would be over 500 characters -- about 7 full lines on a typical terminal. Your private key, which for hysterical raisins PGP and GPG calls 'secret', shown by --list-secret-keys
, would be even longer, and in addition showing it on a terminal where in some cases a bad person might be able to get a copy of it is extremely bad for security.
How do i get my key id?
4424C645C99A4C29E540C26AAD7DB850AD9CFFAB is the fingerprint. There are two keyids, and except for v3 keys which are long obsolete, both are derived from the fingerprint. The 'short' keyid is the low 32 bits, or last 8 hex digits, of the fingerprint and thus is AD9CFFAB. The 'long' keyid is the low 64 bits, or last 16 hex digits, of the fingerprint and thus is AD7DB850AD9CFFAB. Historically the short keyid was used for almost everything, and most websites, blogs, and much documentation that you find will use and show them, but in the last few years short keyids have been successfully attacked so modern programs now default to either the long keyid or (as here) the fingerprint, but you can add them by specifying --keyid-format=long
or --keyid-format=short
or the equivalent option in some config file, probably .gnupg/config
.
The 2048R/0B2B9B37
you found somewhere is an example of the format used by old versions of GPG. It used a single letter R for RSA, because in the old days there were really one three types of keys (and algorithms) to distinguish while now there are more; and it used the short keyid of 8 hexits.
Solution 2
You can read this article for explanation about the key flags (see Key Flag Subpacket section).
Your primary key (used for signing) is the one that is preceded with "pub". You can see the private part with "gpg --list-secret-keys" (the one that starts with "sec"). The sub-key (used for encryption) is the one that preceded with "sub" (public sub-key) or "ssb" (secret sub-key). Check the answer to a question about GnuPG separate keys here.
Related videos on Youtube
![yaxley peaks](https://lh4.googleusercontent.com/-u5bXzjeFq38/AAAAAAAAAAI/AAAAAAAAE0E/R_0KHbazYeU/photo.jpg?sz=256)
yaxley peaks
Updated on September 18, 2022Comments
-
yaxley peaks almost 2 years
When I run
gpg --list-keys
I get the following output:/home/yax/.gnupg/pubring.kbx ---------------------------- pub rsa2048 2020-10-09 [SC] 4424C645C99A4C29E540C26AAD7DB850AD9CFFAB uid [ultimate] yaxley peaks <[email protected]> sub rsa2048 2020-10-09 [E]
What is my actual key in this block of text?
How do I get my key id?
What does the [SC] and the [E] mean, and what does sub mean?
Here's some info regarding the key.
- it was generated with
gpg --full-generate-key
and I chose the rsa rsa option. - It's 2048 bytes long
-
Freddy over 3 yearsDoes this answer your question? How are the GPG usage flags defined in the key details listing?
-
yaxley peaks over 3 years@Freddy yes thank you but that is not the complete answer to my question. I Would still like to know what is my actual key in that block of text. and what does sub mean
- it was generated with
-
yaxley peaks over 3 yearsthanks, this makes a lot of sense but it still doesnt answer the main question. Where do i find the actual key? I messed around a bit and found that the
4424C645C99A4C29E540C26AAD7DB850AD9CFFAB
is the fingerprint. I still cant find the actual key. I looked up online and it just says it is the key will be shown like:2048R/0B2B9B37
but i cant find something like that when i dogpg --list-keys
-
Meesha over 3 yearsYou mean the key files? It is usually in "~/.gnupg/" directory or other location that "gpg -K" will tell you. You can also export the public-private key pair in ASCII armored file like shown here.
-
insidepower almost 3 yearsthanks, good explanation!