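How to display gpg key details without importing it?
I have a copy of the postgresql apt repository gpg key and would like to view the details of the gpg key as it comes in the file. Is this possible without importing it into a key ring?
There are several levels of detail you can get when looking at OpenPGP key data: a basic summary, a machine-readable output of this summary, or a detailed and very technical list of the individual OpenPGP packets.
Basic Key Information
To take a brief peek at an OpenPGP key file, you can simply pass the filename as a parameter or pipe in the key data through STDIN. If no command is passed, GnuPG tries to guess what you want to do, and for key data this means printing a summary of the key: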
$ gpg a4ff2279.asc
gpg: WARNING: no command supplied. Trying to guess what you mean ...
pub rsa8192 2012-12-25 [SC]
0D69E11F12BDBA077B3726AB4E1F799AA4FF2279
uid Jens Erat (born 1988-01-19 in Stuttgart, Germany)
uid Jens Erat <jens.erat@fsfe.org>
uid Jens Erat <jens.erat@uni-konstanz.de>
uid Jens Erat <jabber@jenserat.de>
uid Jens Erat <email@jenserat.de>
uid [jpeg image of size 12899]
sub rsa4096 2012-12-26 [E] [revoked: 2014-03-26]
sub rsa4096 2012-12-26 [S] [revoked: 2014-03-26]
sub rsa2048 2013-01-23 [S] [expires: 2023-01-21]
sub rsa2048 2013-01-23 [E] [expires: 2023-01-21]
sub rsa4096 2014-03-26 [S] [expires: 2020-09-03]
sub rsa4096 2014-03-26 [E] [expires: 2020-09-03]
sub rsa4096 2014-11-22 [A] [revoked: 2016-03-01]
sub rsa4096 2016-02-24 [A] [expires: 2020-02-23]
By setting --keyid-format 0xlong, long key IDs are printed instead of the insecure short key IDs:
$ gpg a4ff2279.asc
gpg: WARNING: no command supplied. Trying to guess what you mean ...
pub rsa8192/0x4E1F799AA4FF2279 2012-12-25 [SC]
0D69E11F12BDBA077B3726AB4E1F799AA4FF2279
uid Jens Erat (born 1988-01-19 in Stuttgart, Germany)
uid Jens Erat <jens.erat@fsfe.org>
uid Jens Erat <jens.erat@uni-konstanz.de>
uid Jens Erat <jabber@jenserat.de>
uid Jens Erat <email@jenserat.de>
uid [jpeg image of size 12899]
sub rsa4096/0x0F3ED8E6759A536E 2012-12-26 [E] [revoked: 2014-03-26]
sub rsa4096/0x2D6761A7CC85941A 2012-12-26 [S] [revoked: 2014-03-26]
sub rsa2048/0x9FF7E53ACB4BD3EE 2013-01-23 [S] [expires: 2023-01-21]
sub rsa2048/0x5C88F5D83E2554DF 2013-01-23 [E] [expires: 2023-01-21]
sub rsa4096/0x8E78E44DFB1B55E9 2014-03-26 [S] [expires: 2020-09-03]
sub rsa4096/0xCC73B287A4388025 2014-03-26 [E] [expires: 2020-09-03]
sub rsa4096/0x382D23D4C9773A5C 2014-11-22 [A] [revoked: 2016-03-01]
sub rsa4096/0xFF37A70EDCBB4926 2016-02-24 [A] [expires: 2020-02-23]
pub rsa1024/0x7F60B22EA4FF2279 2014-06-16 [SCEA] [revoked: 2016-08-16]
Provide -v or -vv to add even more information. I prefer printing the package details in this case, though (see below).
Machine-Readable Output
GnuPG also has a colon-separated output format, which is easily parsable and has a stable format. The format is documented in GnuPG's doc/DETAILS file. The option to receive this format is --with-colons.
$ gpg --with-colons a4ff2279.asc
gpg: WARNING: no command supplied. Trying to guess what you mean ...
pub:-:8192:1:4E1F799AA4FF2279:1356475387:::-:
uid:::::::::Jens Erat (born 1988-01-19 in Stuttgart, Germany):
uid:::::::::Jens Erat <jens.erat@fsfe.org>:
uid:::::::::Jens Erat <jens.erat@uni-konstanz.de>:
uid:::::::::Jens Erat <jabber@jenserat.de>:
uid:::::::::Jens Erat <email@jenserat.de>:
uat:::::::::1 12921:
sub:-:4096:1:0F3ED8E6759A536E:1356517233:1482747633:::
sub:-:4096:1:2D6761A7CC85941A:1356517456:1482747856:::
sub:-:2048:1:9FF7E53ACB4BD3EE:1358985314:1674345314:::
sub:-:2048:1:5C88F5D83E2554DF:1358985467:1674345467:::
sub:-:4096:1:8E78E44DFB1B55E9:1395870592:1599164118:::
sub:-:4096:1:CC73B287A4388025:1395870720:1599164118:::
sub:-:4096:1:382D23D4C9773A5C:1416680427:1479752427:::
sub:-:4096:1:FF37A70EDCBB4926:1456322829:1582466829:::
Since GnuPG 2.1.23, the "gpg: WARNING: no command supplied. Trying to guess what you mean ..." warning can be omitted by using the --import-options show-only option together with the --import command (this also works with --with-colons, of course):
$ gpg --with-colons --import-options show-only --import a4ff2279
[snip]
For older versions: the warning message is printed on STDERR, so you could just read STDIN to split apart the key information from the warning.
Technical Details: Listing OpenPGP Packets
Without installing any further packages, you can use gpg --list-packets [file] to view information on the OpenPGP packets contained in the file.
$ gpg --list-packets a4ff2279.asc
:public key packet:
version 4, algo 1, created 1356475387, expires 0
pkey[0]: [8192 bits]
pkey[1]: [17 bits]
keyid: 4E1F799AA4FF2279
:user ID packet: "Jens Erat (born 1988-01-19 in Stuttgart, Germany)"
:signature packet: algo 1, keyid 4E1F799AA4FF2279
version 4, created 1356516623, md5len 0, sigclass 0x13
digest algo 2, begin of digest 18 46
hashed subpkt 27 len 1 (key flags: 03)
[snip]
The pgpdump [file] tool works similarly to gpg --list-packets and provides a similar output, but resolves all those algorithm identifiers to readable representations. It is available for probably all relevant distributions (on Debian derivatives, the package is called pgpdump like the tool itself).
$ pgpdump a4ff2279.asc
Old: Public Key Packet(tag 6)(1037 bytes)
Ver 4 - new
Public key creation time - Tue Dec 25 23:43:07 CET 2012
Pub alg - RSA Encrypt or Sign(pub 1)
RSA n(8192 bits) - ...
RSA e(17 bits) - ...
Old: User ID Packet(tag 13)(49 bytes)
User ID - Jens Erat (born 1988-01-19 in Stuttgart, Germany)
Old: Signature Packet(tag 2)(1083 bytes)
Ver 4 - new
Sig type - Positive certification of a User ID and Public Key packet(0x13).
Pub alg - RSA Encrypt or Sign(pub 1)
Hash alg - SHA1(hash 2)
Hashed Sub: key flags(sub 27)(1 bytes)
[snip]
I seem to be able to get along with simply:
$ gpg <path_to_file>
Which outputs like this:
$ gpg /tmp/keys/something.asc
pub 1024D/560C6C26 2014-11-26 Something <something@none.org>
sub 2048g/0C1ACCA6 2014-11-26
The op didn't specify in particular what key info is relevant. This output is all I care about.
To verify and list the fingerprint of the key (without importing it into the keyring first), type
gpg --with-fingerprint <filename>
Edit: on Ubuntu 18.04 (gpg 2.2.4) the fingerprint isn't shown with the above command. Use the --with-subkey-fingerprint option instead
gpg --with-subkey-fingerprint <filename>
The option --list-packets parses pgp data from a file and outputs its structure - in a very technical way, though. When parsing a public key, you can easily extract the user ids and the key ids of the signatures.
Be wary that this command only parses the data format, it does no validation of signatures or similar things.
When I stumbled upon this answer I was looking for a way to get an output that is easy to parse. For me the option --with-colons did the trick:
$ gpg --with-colons file
sec::4096:1:AAAAAAAAAAAAAAAA:YYYY-MM-DD::::Name (comment) email
ssb::4096:1:BBBBBBBBBBBBBBBB:YYYY-MM-DD::::
Documentation can be found here.
You may also use the --keyid-format switch to show short or long key ID:
$ gpg2 -n --with-fingerprint --keyid-format=short --show-keys <filename>
which outputs like this (example from PostgreSQL CentOS repo key):
pub dsa1024/442DF0F8 2008-01-08 [SCA]
Key fingerprint = 68C9 E2B9 1A37 D136 FE74 D176 1F16 D2E1 442D F0F8
uid PostgreSQL RPM Building Project <pgsqlrpms-hackers@pgfoundry.org>
sub elg2048/D43F1AF8 2008-01-08 [E]
pgpdump (https://www.lirnberger.com/tools/pgpdump/) is a tool that you can use to inspect pgp blocks.
It is not user friendly, and fairly technical, however,
- it parses public or private keys (without warning)
- it does not modify any keyring (sometimes it is not so clear what gpg does behind the hood, in my experience)
- it prints all packets, specifically userid's packets which shows the various text data about the keys.
pgpdump -p test.asc
New: Secret Key Packet(tag 5)(920 bytes)
Ver 4 - new
Public key creation time - Fri May 24 00:33:48 CEST 2019
Pub alg - RSA Encrypt or Sign(pub 1)
RSA n(2048 bits) - ...
RSA e(17 bits) - ...
RSA d(2048 bits) - ...
RSA p(1024 bits) - ...
RSA q(1024 bits) - ...
RSA u(1020 bits) - ...
Checksum - 49 2f
New: User ID Packet(tag 13)(18 bytes)
User ID - test (test) <tset>
New: Signature Packet(tag 2)(287 bytes)
Ver 4 - new
Sig type - Positive certification of a User ID and Public Key packet(0x13).
Pub alg - RSA Encrypt or Sign(pub 1)
Hash alg - SHA256(hash 8)
Hashed Sub: signature creation time(sub 2)(4 bytes)
Time - Fri May 24 00:33:49 CEST 2019
Hashed Sub: issuer key ID(sub 16)(8 bytes)
Key ID - 0x396D5E4A2E92865F
Hashed Sub: key flags(sub 27)(1 bytes)
Flag - This key may be used to certify other keys
Flag - This key may be used to sign data
Hash left 2 bytes - 74 7a
RSA m^d mod n(2048 bits) - ...
-> PKCS-1
unfortunately it does not read stdin : /
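What gpg --list-packets and pgpdump do at the framing level, as an added example that is not part of the original answers: a walker for RFC 4880 packet headers in both old and new format, printing lines in the shape of the pgpdump output above. It assumes binary (dearmored) input, the sample bytes are constructed filler rather than a real key, and like --list-packets it validates nothing beyond the framing.

```python
TAG_NAMES = {2: "Signature", 5: "Secret Key", 6: "Public Key", 7: "Secret Subkey",
             13: "User ID", 14: "Public Subkey", 17: "User Attribute"}

def read_header(data, pos):
    """Decode one RFC 4880 packet header; return (fmt, tag, body_start, body_len)."""
    first = data[pos]
    if not first & 0x80:
        raise ValueError(f"offset {pos}: not an OpenPGP packet header")
    if first & 0x40:                                # new format: tag in bits 5-0
        tag, o1 = first & 0x3F, data[pos + 1]
        if o1 < 192:                                # one-octet length
            return "New", tag, pos + 2, o1
        if o1 < 224:                                # two-octet length
            return "New", tag, pos + 3, ((o1 - 192) << 8) + data[pos + 2] + 192
        if o1 == 255:                               # five-octet length
            return "New", tag, pos + 6, int.from_bytes(data[pos + 2:pos + 6], "big")
        raise ValueError(f"offset {pos}: partial body length not handled")
    tag, ltype = (first >> 2) & 0x0F, first & 0x03  # old format: tag in bits 5-2
    if ltype == 3:
        raise ValueError(f"offset {pos}: indeterminate length not handled")
    size = 1 << ltype                               # 1, 2 or 4 length octets
    return "Old", tag, pos + 1 + size, int.from_bytes(data[pos + 1:pos + 1 + size], "big")

def walk_packets(data):
    """List (format, tag, body length) per packet; no keyring is read or written."""
    out, pos = [], 0
    while pos < len(data):
        fmt, tag, start, length = read_header(data, pos)
        if start + length > len(data):
            raise ValueError(f"offset {pos}: packet body runs past end of input")
        out.append((fmt, tag, length))
        pos = start + length
    return out

def sample_keyring():
    """Constructed bytes: real packet framing, filler bodies, not a usable key."""
    uid = b"test (test) <tset>"
    return (bytes([0x99]) + (1037).to_bytes(2, "big") + b"\x04" + bytes(1036)
            + bytes([0xB4, len(uid)]) + uid            # old format, 1-octet length
            + bytes([0xC2, 192, 95]) + bytes(287))     # new format, 2-octet length

if __name__ == "__main__":
    for fmt, tag, length in walk_packets(sample_keyring()):
        print(f"{fmt}: {TAG_NAMES.get(tag, 'Unknown')} Packet(tag {tag})({length} bytes)")
```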
Reference URL: https://stackoverflow.com/questions/22136029/how-to-display-gpg-key-details-without-importing-it