edgecase
Author: StJohn Piano
Published: 2019-03-12
Datafeed Article 88
This article has been digitally signed by Edgecase Datafeed.
This article has been digitally signed by its author.
15960 words - 5370 lines - 135 pages





GOAL



Test an instance of GPG 1.4.10. Assemble a list of basic GPG commands.




CONTENTS



- Goal
- Contents
- Brief Summary
- Summary
- Basic GPG Commands
- Notes
- Project Log






BRIEF SUMMARY



I assembled and tested a list of basic GPG commands. They are shown with examples in the Basic GPG Commands section.






SUMMARY



I wrote a list of commands and operations that I considered to be basic necessary functionality for an RSA software implementation.

Here is the list:
- create key
- display key
- display all keys
- delete key
- export key
- import key
- export ASCII-encoded key
- import ASCII-encoded key
- sign using a specific key, producing a detached signature
- verify a detached signature, using a specific key
- verify an ASCII-encoded detached signature, using a specific key
- sign using a specific key, producing an ASCII-encoded detached signature
- encrypt a message to a specific public key
- decode an encrypted message, using a specific private key
- display fingerprint for a specific key
- display fingerprints for all keys
- use a fingerprint to retrieve the corresponding key

Notes:
- A GPG 'key' is really a keypair - a private key and a public key.
- A GPG key contains a primary keypair and a subkeypair. The primary keypair is used for signing. The subkeypair is used for encryption. Other people's encrypted messages are encrypted to the public subkey. The private subkey is used to decrypt messages.

I was able to use GPG to achieve most of this functionality. See the Basic GPG Commands section for details (and an improved list). I focused on finding workflows that relied on a key fingerprint (the best available uniqueness constraint, hard to counterfeit) and that produced readable results (i.e. printable ASCII output).

Exception: I was unable to specify a key by fingerprint when decrypting an encrypted file. I found that the public key appears to contain a subkey, to which messages are encrypted. Also, I couldn't find a way to get a key fingerprint to appear in the output of the decryption command.

In some cases, I found workarounds. I was unable to specify a key by fingerprint for verifying a signature. GPG will attempt to use all public keys in its internal database to verify a signature. However, in the event of a successful signature verification, I was able to get GPG to produce output containing the fingerprint of the relevant key. This output can then be piped and grepped for the fingerprint.




Notes section:

The Notes section contains the following parts:

- Necessary functionality for an RSA software implementation
- GPG data storage location
- GPG example output
- Signing an encrypted file
- Some notes concerning GPG key IDs








BASIC GPG COMMANDS





List of commands:
1) Create key
2) Display key
2a) Display public key details
2b) Display private key details.
3) Display details of all keys
3a) Display details of all public keys
3b) Display details of all private keys
4) Export key
4a) Export public key
4b) Export private key
5) Delete key
5a) Delete public key
5b) Delete private key
6) Import key
6a) Import public key
6b) Import private key
7) Sign a file using a specific key, producing a detached signature file
8) Verify the detached signature of a file, checking that the signature was made by a specific key
9) Encrypt a message file to a specific public key
10) Decrypt an encrypted message file, checking that the decryption was performed using a specific private key.


Notes:
- These commands emphasise the use of real names, fingerprints, and ASCII armor.
- A GPG 'key' is really a keypair - a private key and a public key.
- A GPG key contains a primary keypair and a subkeypair. The primary keypair is used for signing. The subkeypair is used for encryption. Other people's encrypted messages are encrypted to the public subkey. The private subkey is used to decrypt messages.






1) Create key

gpg --gen-key


See the "GPG example output" part of the Notes section for example output of this command.

Interactive steps during key generation:
- 1) key type = "1" (RSA and RSA)
- 2) key size = "4096"
- 3) expiry period = "0" (never)
- 4) confirm expiry period = "y"
- 5) real name = "[your name or handle]"
- 6) email address = "[your email address]"
- 7) comment = "[comment or empty string]"
- 8) confirm real name, email address, and comment = "o"
- 9) passphrase = "[passphrase or empty string]"
- 10) confirm passphrase = "[passphrase or empty string]"
- 11) [wait for random bytes to be generated]

Might be possible to use an empty string "" for email address. Haven't tested.
I didn't perform any action while random bytes were being generated. Don't know how much this helps or hinders.

Note: GPG insisted on generating a passphrase even though I chose not to. Not sure if a passphrase was actually generated or if GPG only reported that it was.

Warning: If you input a passphrase, you must record / remember it, else later you will not be able to access your key (GPG uses the passphrase to encrypt the key data).






2) Display key details




a) Display public key details

gpg --list-keys [key]


where [key] is any of the following: real name, short key ID, email address, or fingerprint. The fingerprint should not include spaces. I have tested: real name.

Example:

[spiano@localhost ~]$ gpg --list-keys "Test Key 1"

pub 4096R/479D9006 2019-03-04 uid Test Key 1 <n@a> sub 4096R/36BDD5FA 2019-03-04


479D9006 is the short key ID.

Add
--fingerprint
to the command to also display the key fingerprint.

Example:

[spiano@localhost work]$ gpg --fingerprint --list-keys "Test Key 1"

pub 4096R/479D9006 2019-03-04 Key fingerprint = 22D2 012D 82FA 14F4 4A3A C9BE E04C 9329 479D 9006 uid Test Key 1 <n@a> sub 4096R/36BDD5FA 2019-03-04


Note that the fingerprint is displayed with spaces, but is not used with spaces in commands.




b) Display private key details.

gpg --fingerprint --list-secret-keys [key]


where [key] is any of the following: real name, short key ID, email address, or fingerprint. I have tested: real name.

Example:

[spiano@localhost work]$ gpg --fingerprint --list-secret-keys "Test Key 1"

sec 4096R/479D9006 2019-03-04 Key fingerprint = 22D2 012D 82FA 14F4 4A3A C9BE E04C 9329 479D 9006 uid Test Key 1 <n@a> ssb 4096R/36BDD5FA 2019-03-04


Note "sec" instead of "pub" in the output in the first row.






3) Display details of all keys




a) Display details of all public keys

gpg --list-keys


Example:

[spiano@localhost work]$ gpg --list-keys

/home/spiano/.gnupg/pubring.gpg ------------------------------- pub 4096R/E4D7C711 2019-03-06 uid Test Key 2 <n@a2> sub 4096R/4F6DFEEC 2019-03-06 pub 4096R/479D9006 2019-03-04 uid Test Key 1 <n@a> sub 4096R/36BDD5FA 2019-03-04


Add
--fingerprint
to the command to also display the key fingerprint.

Example:

[spiano@localhost work]$ gpg --list-keys --fingerprint

/home/spiano/.gnupg/pubring.gpg ------------------------------- pub 4096R/E4D7C711 2019-03-06 Key fingerprint = BA9A 077B 050C 3FC0 6459 7E7C 98D3 EFED E4D7 C711 uid Test Key 2 <n@a2> sub 4096R/4F6DFEEC 2019-03-06 pub 4096R/479D9006 2019-03-04 Key fingerprint = 22D2 012D 82FA 14F4 4A3A C9BE E04C 9329 479D 9006 uid Test Key 1 <n@a> sub 4096R/36BDD5FA 2019-03-04





b) Display details of all private keys

gpg --list-secret-keys


Example:

[spiano@localhost work]$ gpg --list-secret-keys

/home/spiano/.gnupg/secring.gpg ------------------------------- sec 4096R/E4D7C711 2019-03-06 uid Test Key 2 <n@a2> ssb 4096R/4F6DFEEC 2019-03-06 sec 4096R/479D9006 2019-03-04 uid Test Key 1 <n@a> ssb 4096R/36BDD5FA 2019-03-04


Add
--fingerprint
to the command to also display the key fingerprint.

Example:

[spiano@localhost work]$ gpg --list-secret-keys --fingerprint

/home/spiano/.gnupg/secring.gpg ------------------------------- sec 4096R/E4D7C711 2019-03-06 Key fingerprint = BA9A 077B 050C 3FC0 6459 7E7C 98D3 EFED E4D7 C711 uid Test Key 2 <n@a2> ssb 4096R/4F6DFEEC 2019-03-06 sec 4096R/479D9006 2019-03-04 Key fingerprint = 22D2 012D 82FA 14F4 4A3A C9BE E04C 9329 479D 9006 uid Test Key 1 <n@a> ssb 4096R/36BDD5FA 2019-03-04







4) Export key




a) Export public key

gpg --armor --export [key]


where [key] is any of the following: real name, short key ID, email address, or fingerprint. The fingerprint should not include spaces. I have tested: real name, short key ID, email address, fingerprint, long key ID.

See the "GPG example output" part of the Notes section for example output of this command.

Redirect the output to a file to save the key.

Example:

[spiano@localhost work]$ gpg --armor --export "Test Key 1" > test_key_1.txt





b) Export private key

gpg --armor --export-secret-keys [key]


where [key] is any of the following: real name, short key ID, email address, or fingerprint. The fingerprint should not include spaces. I have tested: real name, fingerprint.

See the "GPG example output" part of the Notes section for example output of this command.

Redirect the output to a file to save the key.

Example:

[spiano@localhost work]$ gpg --armor --export-secret-keys "Test Key 1" > test_key_1.txt.secret







5) Delete key




a) Delete public key

gpg --delete-keys [key]


where [key] is any of the following: real name, short key ID, email address, or fingerprint. The fingerprint should not include spaces. I have tested: real name, fingerprint.

Note: This command won't work if an associated private key is stored in the GPG internal database. You have to delete the private key first.

Example:

[spiano@localhost work]$ gpg gpg --delete-keys "Test Key 1"

gpg (GnuPG) 1.4.10; Copyright (C) 2008 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.


pub 4096R/479D9006 2019-03-04 Test Key 1 <n@a>

Delete this key from the keyring? (y/N) y





b) Delete private key

gpg --delete-secret-keys [key]


where [key] is any of the following: real name, short key ID, email address, or fingerprint. The fingerprint should not include spaces. I have tested: real name, fingerprint.

Example:

[spiano@localhost work]$ gpg --delete-secret-keys 22D2012D82FA14F44A3AC9BEE04C9329479D9006

gpg (GnuPG) 1.4.10; Copyright (C) 2008 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. sec 4096R/479D9006 2019-03-04 Test Key 1 <n@a> Delete this key from the keyring? (y/N) y This is a secret key! - really delete? (y/N) y







6) Import key




a) Import public key

gpg --import [file_name]


where [file_name] is the name of the file containing a GPG public key. I have only tested this command with a public key that was in GPG's binary format.

Example:

[spiano@localhost work]$ gpg --import test_key_1.gpg

gpg: key 479D9006: public key "Test Key 1 <n@a>" imported gpg: Total number processed: 1 gpg: imported: 1 (RSA: 1)


Note: It may be possible to use a file path instead of only a file name. I have not tested this.




a) Import private key

gpg --import [file_path]


where [file_name] is the name of the file containing a GPG private key.

Example:

[spiano@localhost work]$ gpg --import test_key_1.txt.secret

gpg: key 479D9006: secret key imported gpg: key 479D9006: public key "Test Key 1 <n@a>" imported gpg: Total number processed: 1 gpg: imported: 1 (RSA: 1) gpg: secret keys read: 1 gpg: secret keys imported: 1


Note: Importing a private key causes GPG to construct and store the corresponding public key. I have tested this.






7) Sign a file using a specific key, producing a detached signature file

gpg --detach-sign --armor --local-user [key] [file_name]


where [key] is any of the following: real name, short key ID, email address, or fingerprint. The fingerprint should not include spaces. I have tested: real name, fingerprint.

and where [file_name] is the name of the file-to-be-signed.

Notes:
- The detached signature file will have the name
[file_name].asc
.
- It may be possible to use a file path instead of only a file name. I have not tested this.
- The option
--output [output_file_name]
allows you to specify the name of the detached signature file. I have not tested this.

Example:

[spiano@localhost work]$ ls -1

foo.txt

[spiano@localhost work]$ gpg --detach-sign --armor --local-user BA9A077B050C3FC064597E7C98D3EFEDE4D7C711 foo.txt


[spiano@localhost work]$ ls -1

foo.txt
foo.txt.asc

[spiano@localhost work]$ cat foo.txt.asc

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIcBAABAgAGBQJcgRhqAAoJEJjT7+3k18cR0FIQAJbOhNiY78cdkNqYaGTjyE01
aL1VVYjEC4JgsXPPn4WPi6jVv2gEYodhGaDxSIv/KOQlPrnqj7cdFjhPlg1xwFme
WT9vxXuwFb1+iVDJR+2LcH/P+pabCnTjp2QGh4+dus0FdKqDvcZ4XVVIEqytp7aD
Mz29gAxoxgy4dl9NUidHK3j3H7mUh92e8CTBJIyUgYN62t+mHq+y6DgJ5aRe2etA
Dt3/LeW1+pj4Hmg61OcOe3WRZ/UqebrvaUM+o63DWpdxolNQlgrM17uWxg9+FPgh
acOhq9g2nANl7ZFaeSQ43EitBVAbuIxmAJ0p9jjVIJCZHC4W6PhHPkW8zBHIvKaJ
TmgizHYZN6VlcnNdnfn0oacRDxCZbeqoSirK2a8v/KpUvJVs+KoigIBUf/i1I+98
Xn+PbBn6msuavG/S7rA95WYZMWXy0ZoUCcjEN+2TW4D/FKGZPPXqUJ2pf0GIq5fw
fMQcJVoBw8NnZbCh0VgDy5N8Gr7rfrmalkrTuZhOYEW77rPOQVtWLiIQ6dcS80wz
aAqstMz2VAFwWdNpynT5QvD/tBroztEp/YSepaLXJR66fxwWKOaOZdKGyS5flhzm
J0Wwe4YTVjAVrtnWEkhp9tVFIgBG0gmePfBpFyHwHCso9/1u0dhF9KZ+fKMqMZB0
SeO8M+xeSvzm1/BGdPmn
=rve+
-----END PGP SIGNATURE-----


Note: The
gpg --list-packets [detached_signature_file_name]
command can be used to view the long key ID of the public key that signed the file. Perhaps the fingerprint is not included in the signature file (ideally, it would be).

Example:

[spiano@localhost work]$ gpg --list-packets foo.txt.asc

:signature packet: algo 1, keyid 98D3EFEDE4D7C711 version 4, created 1551964266, md5len 0, sigclass 0x00 digest algo 2, begin of digest d0 52 hashed subpkt 2 len 4 (sig created 2019-03-07) subpkt 16 len 8 (issuer key ID 98D3EFEDE4D7C711) data: [4096 bits]







8) Verify the detached signature of a file, checking that the signature was made by a specific key

gpg --verify [file_name].asc [file_name]


where [file_name].asc is the name of the detached signature file and [file_name] is the name of the original file.

Notes:
- It may be possible to use a file path instead of only a file name. I have not tested this.

Example:

[spiano@localhost work]$ gpg --verify foo.txt.asc foo.txt

gpg: Signature made Wed 06 Mar 2019 09:39:34 PM GMT using RSA key ID 479D9006
gpg: Good signature from "Test Key 1 <n@a>"


Add
--status-fd 1
to the command to also display the fingerprint of the key that made the signature.

Example:

[spiano@localhost work]$ gpg --verify --status-fd 1 foo.txt.asc

gpg: Signature made Thu 07 Mar 2019 12:59:23 PM GMT using RSA key ID 479D9006 [GNUPG:] SIG_ID 2y1gNDe4vfd+U2ZNylv1foWsORk 2019-03-07 1551963563 [GNUPG:] GOODSIG E04C9329479D9006 Test Key 1 <n@a> gpg: Good signature from "Test Key 1 <n@a>" [GNUPG:] VALIDSIG 22D2012D82FA14F44A3AC9BEE04C9329479D9006 2019-03-07 1551963563 0 4 0 1 2 00 22D2012D82FA14F44A3AC9BEE04C9329479D9006 [GNUPG:] TRUST_UNDEFINED gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 22D2 012D 82FA 14F4 4A3A C9BE E04C 9329 479D 9006


Note: In the previous example, I think that GPG took the signature file name "foo.txt.asc" and checked for the implied presence of an original file "foo.txt", which did actually exist.

Use
grep
to filter the output for a specific fingerprint and
wc -l
to turn this into a binary result (0 or 1). This works only because the fingerprint (without spaces) will be included on only 1 line of the output.

Example:

[using Test Key 1 fingerprint]
[spiano@localhost work]$ gpg --status-fd 1 --verify foo.txt.asc foo.txt 2>&1 | grep 22D2012D82FA14F44A3AC9BEE04C9329479D9006 | wc -l

1

[using Test Key 2 fingerprint]
[spiano@localhost work]$ gpg --status-fd 1 --verify foo.txt.asc foo.txt 2>&1 | grep BA9A077B050C3FC064597E7C98D3EFEDE4D7C711 | wc -l

0


Note: I found that the GPG output is sent to stderr. Redirecting it to stdout using
2>&1
stops it being printed to the terminal when using
grep
+
wc -l
.






9) Encrypt a message file to a specific public key

gpg --encrypt --recipient [key] --armor [file_name]


where [key] is any of the following: real name, short key ID, email address, or fingerprint. The fingerprint should not include spaces. I have tested: real name, fingerprint.

and where [file_name] is the name of the file-to-be-encrypted.

Notes:
- It may be possible to use a file path instead of only a file name. I have not tested this.
- The encrypted file will be called
[file_name].asc
.
- The option
--output [output_file_name]
allows you to specify the name of the encrypted file. I have not tested this.

Example:

[spiano@localhost work]$ ls -1

foo.txt
foo.txt.asc
test_key_1.private.asc
test_key_1.public.asc

[spiano@localhost work]$ echo "hello world 2" > message.txt


[spiano@localhost work]$ cat message.txt

hello world 2

[spiano@localhost work]$ gpg --encrypt --recipient "Test Key 2" --armor message.txt


[spiano@localhost work]$ ls -1

foo.txt
foo.txt.asc
message.txt
message.txt.asc
test_key_1.private.asc
test_key_1.public.asc

[spiano@localhost work]$ cat message.txt.asc

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.10 (GNU/Linux)

hQIMA277c+dPbf7sAQ//Vy84fj6up/ugMxYhf5byyk4nfY1S1PvOPKWK2hcYwDRR
BDEfBnSBw2+UifPDIItY5y3Aa68R1/hS8CZX0kyXeBnn+mjHlvECUxXPTCwYHm8Z
Hz9rSfLLt4kaZe4gNbOQi4sztjDZq8r0/rV/dTe7hBHw8e5KlFm8MZ0enEpbSHFi
9hq8aUO2QmP368+a+qw9jG59w6R+adWL1nN9SCI3pvQj1Oxh1JCMCPsmV63ot72k
EMy8D6iJNGmigxrIOpeonHEkKxGy8cqa0fTcfHVBc0MGDUebMxd/VvaKNpbqS+eh
NGq6HcS8rPZHJsjIwLSSEl60eH7DplWJrRTG1p94oYM9UbWywWguTC+xNNsDHG/A
mrkvRKx2pwA3UUzperOqcpGLCjEQs1u9DT9scwRnXIn1zGOT5bAnGki7iLucBJHq
KfglkCF6uEdY90tmEPq7nVTCnqpKvA5Sio1aLyseitP/VOIHdjkIexoqJk3Hb8kN
xyZvvKgDzc/c1zVjdheBu3TYRCAPodRHPne4glJXPRS72CZOrVLaMamNZAx6Ad7/
fr0ah83krDg5bN86yMKcIgTzN69nt/hCtwUNNSAIo6PYKoGnsgxtAdnEra1UVkGw
pmV1oteniWzHD3MTtw3NOjbK2pFFkKZDFR3xBWOb4ZUvGTdtNSklc4Vq4n94aVjS
VAFhpUrJrnXpFi8I6SndEqZwBCAC4L5NH4gFqT0TbEBEPQDakgNRsH3S4KLmSt0o
My+XJD9Tu9fKjL/kvcGUFJ9/5xrxCILYBxE8BIsicfw+r11ezA==
=QfVh
-----END PGP MESSAGE-----







10) Decrypt an encrypted message file, checking that the decryption was performed using a specific private key.

gpg --decrypt --output [file_name] [file_name].asc


where [file_name] is the name of the decrypted file (to be created by this command) and [file_name].asc is the name of the detached signature file.

Notes:
- It may be possible to use a file path instead of only a file name. I have not tested this.

Example:

[spiano@localhost work]$ gpg --decrypt --output message2.txt message2.txt.asc

gpg: encrypted with 4096-bit RSA key, ID 4F6DFEEC, created 2019-03-06 "Test Key 2 <n@a2>"


Note:
- A GPG key contains a primary keypair and a subkeypair. The primary keypair is used for signing. The subkeypair is used for encryption. Other people's encrypted messages are encrypted to the public subkey. The private subkey is used to decrypt messages.
- You will be able to see that the short key ID in the decryption output is not that of the main public key. This short key ID will be visible in the output of
gpg --list-keys
as the short key ID of the subkey of the main public key.

The previous part "8) Verify the detached signature of a file, checking that the signature was made by a specific key" demonstrated how to use the tools
grep
and
wc -l
to produce a binary result for checking that a particular fingerprint is present in the output. A similar approach can be used here to check that a specific short key ID is present in the output, although this is not as good as using a fingerprint.

Note: The
gpg --list-packets [encrypted_file_name]
command can be used to view the long key ID of the public subkey of the main public key to which the file is encrypted.

Example:

[spiano@localhost work]$ gpg --list-packets message.txt.asc

:pubkey enc packet: version 3, algo 1, keyid 6EFB73E74F6DFEEC data: [4095 bits] :encrypted data packet: length: 84 mdc_method: 2 gpg: encrypted with 4096-bit RSA key, ID 4F6DFEEC, created 2019-03-06 "Test Key 2 <n@a2>" :compressed packet: algo=2 :literal data packet: mode b (62), created 1551960343, name="message.txt", raw data: 14 bytes
















NOTES





Parts


- Necessary functionality for an RSA software implementation
- GPG data storage location
- GPG example output
- Signing an encrypted file
- Some notes concerning GPG key IDs




Necessary functionality for an RSA software implementation


I wrote a list of commands and operations that I considered to be basic necessary functionality for an RSA software implementation.

Here is the list:
- create key
- display key
- display all keys
- delete key
- export key
- import key
- export ASCII-encoded key
- import ASCII-encoded key
- sign using a specific key, producing a detached signature
- verify a detached signature, using a specific key
- verify an ASCII-encoded detached signature, using a specific key
- sign using a specific key, producing an ASCII-encoded detached signature
- encrypt a message to a specific public key
- decode an encrypted message, using a specific private key
- display fingerprint for a specific key
- display fingerprints for all keys
- use a fingerprint to retrieve the corresponding key

I was able to use GPG to achieve most of this functionality. An example: "Display key" is achieved via exporting the key.

A key fingerprint is (or should be) derived in some way from the hash of a public key. It is a shorthand way to reference the key in a manner that has a good uniqueness guarantee but is shorter than the entire key. User-assigned names can always be duplicated by a third party, who might wish to create a counterfeit key. A short key ID (the last 8 characters of the fingerprint) is insecure because it is feasible for a third party to attempt to generate another key with the same short key ID. Sadly, GPG appears to rely internally much more on the short key ID than on the fingerprint. I have attempted during this project (as much as possible) to choose GPG workflows that rely on the fingerprint.

Having finished this project and gained some experience, I think I will revise the list.

Necessary functionality: An RSA implementation should be able to do these things:
- Create RSA keypair. The user should be able to specify a file that contains entropy for use as the private key. The function "create public key from private key" should be available as a separate function. The keypair should be assigned a unique ID (e.g. an incrementing integer) that is for internal use only. It should have a user-assigned name (alterable) and a fingerprint (not alterable, derived from a hash). The name is not stored within the key - it should be assigned by the RSA software user, not by the key's creator.
- Output RSA public key. Can specify key by unique ID, name, or fingerprint. Output must be printable ASCII.
- Output RSA private key. Can specify key by unique ID, name, or fingerprint. Output must be printable ASCII.
- Import RSA public key from file. Ask for confirmation if this key has a fingerprint that is already used by another key in the internal database.
- Import RSA private key from file. Generate the corresponding RSA public key and import that as well.
- Some people may have a reason to use many private keys. Private keys should also have fingerprints for internal use.
- Sign a file using a specified RSA private key, producing a detached signature file. Can specify key by unique ID, name, or fingerprint. Output must be printable ASCII.
- Verify a detached signature file (the original file is of course needed as well). File format can optionally specify the fingerprint of the public key of the keypair that signed it. Can specify public key by unique ID, name, or fingerprint. If no key is specified, attempt verification using all public keys in the internal database.
- Encrypt a file to a specific public key. Can specify key by unique ID, name, or fingerprint.
- Decrypt an encrypted file. File format can optionally specify the fingerprint of the public key to which it is encrypted (this can obviously be altered in transit). Can specify a private key to use for verification by unique ID, name, or fingerprint. If no key is specified, attempt verification using all private keys in the internal database.
- Use a fingerprint to look up a name. Need some way to distinguish the fingerprint of a private key from the fingerprint of a public key.
- Use a name to look up a fingerprint. Need some way to specify whether the fingerprint is the fingerprint of a private key or of a public key.
- Output the list of public keys. This list should include: unique ID, name, fingerprint.
- Output the list of private keys. This list should include: unique ID, name, fingerprint.
- Delete RSA public key. Can specify key by unique ID, name, or fingerprint.
- Delete RSA private key. Can specify key by unique ID, name, or fingerprint.
- Delete RSA keypair. Can specify key by unique ID, name, or fingerprint. Need some way to specify whether the fingerprint is the fingerprint of a private key or of a public key.

Notes:
- "Output" is equivalent to "Display" and to "Export". To export, direct the output into a file.
- When importing a key (public or private), the program should ask for confirmation if this key has a fingerprint that is already used by another key in the internal database. If confirmation is granted, then the new key should not overwrite the old key. Instead, a query for this fingerprint should return both keys.
- When importing a key (public or private), the user should be able to assign a name to it. The program should ask for confirmation if this key has already been used within the internal database. If confirmation is granted, then the new key should not overwrite the old key. Instead, a query for this fingerprint should return both keys. The user should be able to alter this name later.
- A public key does not need to contain: A name, a date of creation, an email address, photo, self-signature, other people's signatures of this key, subkeys, or a comment. All of these should be handled by external systems. Simple approach: A directory for every contact that you have, which contains each of these items and their signatures.
- Subkeys should be manually created. Simple approach: Create a new keypair, publish a signed statement that states that external messages should be encrypted to this new keypair.
- The trust database should also be external. Simple approach: A text file for every contact that you have, containing their name, their key fingerprint, and any other details that you think are relevant.
- The internal database should ideally contain only printable ASCII bytes. (e.g. a text file in JSON format), so that it can be read and written using a text editor.




GPG data storage location


These are the results from this project. On your system, "/home/spiano" will instead be your home directory.

GPG stores its data in the directory:
/home/spiano/.gnupg


Public keys are stored in:
/home/spiano/.gnupg/pubring.gpg


Private keys are stored in:
/home/spiano/.gnupg/secring.gpg


[spiano@localhost ~]$ ls -1 /home/spiano/.gnupg

gpg.conf
pubring.gpg
pubring.gpg~
random_seed
secring.gpg
trustdb.gpg










GPG example output




Create key:

[spiano@localhost ~]$ gpg --gen-key

gpg (GnuPG) 1.4.10; Copyright (C) 2008 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Please select what kind of key you want: (1) RSA and RSA (default) (2) DSA and Elgamal (3) DSA (sign only) (4) RSA (sign only) Your selection? 1 RSA keys may be between 1024 and 4096 bits long. What keysize do you want? (2048) 4096 Requested keysize is 4096 bits Please specify how long the key should be valid. 0 = key does not expire <n> = key expires in n days <n>w = key expires in n weeks <n>m = key expires in n months <n>y = key expires in n years Key is valid for? (0) 0 Key does not expire at all Is this correct? (y/N) y You need a user ID to identify your key; the software constructs the user ID from the Real Name, Comment and Email Address in this form: "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>" Real name: Test Key 1 Email address: n/a Not a valid email address Email address: n@a Comment: You selected this USER-ID: "Test Key 1 <n@a>" Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o You need a Passphrase to protect your secret key. You don't want a passphrase - this is probably a *bad* idea! I will do it anyway. You can change your passphrase at any time, using this program with the option "--edit-key". We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. +++++ .........................+++++ We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. ..........+++++ ..+++++ gpg: key 479D9006 marked as ultimately trusted public and secret key created and signed. gpg: checking the trustdb gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u pub 4096R/479D9006 2019-03-04 Key fingerprint = 22D2 012D 82FA 14F4 4A3A C9BE E04C 9329 479D 9006 uid Test Key 1 <n@a> sub 4096R/36BDD5FA 2019-03-04





Display / output text representation of public key:

[spiano@localhost ~]$ gpg --armor --export "Test Key 1"

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.10 (GNU/Linux)

mQINBFx9UOMBEADPgXOY7zfS6QLGpj99bLbuLHvi7u4X0mnbBBk0GnBvMFquDV2S
LNgZSW9m0HMS6EMGUHqeVJDXNSGaCroZV90TPIO8rKXbtjGalbxYcKSMpHERJgLu
siiDsTvoLzXV+8Qti2Lt4ti+Khbm19y6hyJ4TnBM572Yykl9M7TA3TP8bwiAsYRB
xM3+kygw4NDujRw/lLCyEtXY52GSaA7QWDE13Kx+lf6g5/BL5Kk2MGVCA/sXK6XX
RRQiA8awoeJ+hkpXPwKl75LINOVS0Ite7Ry7VQK3WeEm2qriglE097bC8tCoKFgI
5Jok23KuhypImBR8K+B1zpOPAEi0tL9xa06rnwZLd+wIvaX+1l4GQTuBNzDtHn+Z
55DBQLkDWJWHXSLtWkzwcxoluGs+BAnWm+XfLLhjTZxW0EXtuQWw3A8jkEmHNsYu
/DR1A33MrvHj7RnkSzqNoA3YfY+0hHSqtlDAyntzbX3bzuJK1u/3zZrlcrvQxIBa
T1u4KLf9WbT35fgm45RQKSb29BgjIMnJgGdWmanEApK+vRJz/+5ShFP/SkurZh0i
VarlDoDaC6d8hEeF/XfZYMw7BpBnPqz7Pqie9OHsUTmlQazyqPihkBJkzPsEJ1ug
2GkyJ+Lhdc/KR3tFYEWdvC9FaTn5af8tsr17VrCim3MQTV2CR97dOWyiowARAQAB
tBBUZXN0IEtleSAxIDxuQGE+iQI3BBMBAgAhBQJcfVDjAhsDBgsJCAcDAgYVCAIJ
CgsDFgIBAh4BAheAAAoJEOBMkylHnZAGW/kP+wYrE8ZgclkPmPCQx0g+39DS2K6y
Vj26vqj7qDwySJHF3jzEzVC72MYFiFz4yNd4z2ndLEuDSpO0hXpS3de8EZgTm6TM
wUrHq0+MIexn5tirPEl0lcznCVohL777TAmOqgYlxRm3n4tu3i7N2NPDcvAQPiOR
XWi+/NUhUIN4Y+bwq4LDd5uGc99KgnCmw4pfsWD6t4ldr7jc5FLRNuw4NfnepLet
KXFsQsEsoC+rwFdSM4fPXvw7/Ux9OIRwIm2MuCQNHd4jsgIhU8xnlZi1aO2ZyIB6
Lqiooc1lM9H15nzoxYFpIBePt9w5ANfagPX6s2plm/e1XfsWHpTkn5BGq9efRbsi
8XPD/tnnNZ5PSwn6DHqY2ZVS98/qQY0QvFvwemJfvGIVzlHzI4zyIPEL82QyszKr
vRyFhpO+qSlYcijA6m4CMI9tanGNtkvz8vtts454EkfpnqXILURA2hZWQZ5vzPzT
vzUa0iwnSNabF+2+fw+nhW7fQNN06X4XW/oLeV6TFPi/6br8/Vp/MmresLJGUXG8
xj6qKJEghuiZVcUc/qj2d86nqV/kcVpgci+1FQNMx+AI1ZDbmTKh0z1Y6ehjR9wa
bh4CTSdW8A3oyrLd7JL56K4ZeYCMDkh/wiMufO/5ZZyq1G1Sg5ZNXypBr82jfeUo
/Tp4U2XiXO6HFpeDuQINBFx9UOMBEADnYdm7WbfuA8yFtq9WuZJ404IbMYuO9+aR
eBbpEoP5TWWlijV4CmZZ736ipQDCiDgLWWJqj90F3nkIjqneXfiqMphlX0e+lKeS
E1ldP5qAzF7FxTzpT5je0K6WVwbICRV6GZD2O4FOuQPciBeH7y7X0ZCjTjoCG5lN
sOYSwq6rucK7RY5UoVktwKq2ly06txfDgd1ONLu+I422qbm6zVKKkQJmZIhsVgjn
RhWheI7G1kOTpeAqbu8QXpcFRI50JUKq1RiT1H/kN9iKvvh9kE4r2I+qN7hRS2m5
TAUfUgdJ/hwPotxljXyl1g4jSXcJu5xDeCjnJ06AEUyxNKtFJfSXHK2ZP7YtAQ9M
mvL4ff1FY3gtYn+3AbBKHveC5yy9PtTIgqXF57IRRaaMRbKDcWvy2/4kGevXAxK8
wSJnemGHbB0+HTjUl7tpm3Ry9klPp8QEbK79+SbQgR5lAo3WC2OlVLU1KRR4KS2S
VBzO5VL1PEszwKK7sUo/KQdTagUjLMkCoTshjM7sDPkdp/zC4/gsRYIqdS6iKmna
hua8+ZcYrdYUmdNH6LbgCxr5TcOQARo3O9VIw0tUt7Fe8wuvmY20hyHZmVba5FYT
kE7jsG3TUdn6rlmA9/cwuw020okXfBkLT5sR+D09ftcPync+P4KSqESvsRmWAlit
wegODV8gYwARAQABiQIfBBgBAgAJBQJcfVDjAhsMAAoJEOBMkylHnZAGBFkP/2xA
EjoaPy45ZhA6oBvJAK9uo0F9HU7RkJVPUDQvVAkQ+FMNFgkzdi2HVOK1Eb6r/FHP
2b9MMirVeE9UHE+iTvR7UfNZ9TKMdxDB6lUb4yVIRBb/rxk87NDPCVNPA7gYnyEq
M4tVLOvHLo/0B16cZZQaSfhXbCw2q+Py04dSw/H2CTCqFQGCYcSMk8eJrjRutK+N
43N7FBRpH6G2FsxtJzPS0EmD9+ajQVnR47zJhpkkAETMz5i56RfxGNkJpveq81yl
a83c6+WrpIoMpkJyUp40/loNoeMANClS2hreh7ch1yFZh/wEjQ2+T5xe6/h2zY6b
4HuOeKrktK4diS4HqEWO1mQpAvbcAS2ucSmu62rD00dGqp6KOPmp8bHG8dIZ9O8x
URdhrJWtQPOMmH9VXFfR0V+ulH/QsSuQaZzBXMoEzmTadZmSvDUmIv1e+er1w0nE
hgVAO99q0+Nv70yKMDAkSnCGZDwIL3g51+Z6wMfhehqrCykOGelob473hQ4tSeqD
LxkebYcO2KQMzqHPfuPWxvxuxb5WwvpaaYhJBISa1ZS4Kcip2O0q+o0uC6OSdYH6
vkMFfhirQGjxW8sGRT8ZuXayhivosjvVnB3GYDAVQbnjFT3VaHSPYISB3XFB0kyK
vFJtgLbNt9CHOZAXrSD3AJFdgkONTfyRbF/5Rw+x
=vmax
-----END PGP PUBLIC KEY BLOCK-----





Display / output text representation of private key:

[spiano@localhost work]$ gpg --armor --export-secret-keys "Test Key 1" > test_key_1.txt.secret


[spiano@localhost work]$ cat test_key_1.txt.secret

-----BEGIN PGP PRIVATE KEY BLOCK-----
Version: GnuPG v1.4.10 (GNU/Linux)

lQcYBFx9UOMBEADPgXOY7zfS6QLGpj99bLbuLHvi7u4X0mnbBBk0GnBvMFquDV2S
LNgZSW9m0HMS6EMGUHqeVJDXNSGaCroZV90TPIO8rKXbtjGalbxYcKSMpHERJgLu
siiDsTvoLzXV+8Qti2Lt4ti+Khbm19y6hyJ4TnBM572Yykl9M7TA3TP8bwiAsYRB
xM3+kygw4NDujRw/lLCyEtXY52GSaA7QWDE13Kx+lf6g5/BL5Kk2MGVCA/sXK6XX
RRQiA8awoeJ+hkpXPwKl75LINOVS0Ite7Ry7VQK3WeEm2qriglE097bC8tCoKFgI
5Jok23KuhypImBR8K+B1zpOPAEi0tL9xa06rnwZLd+wIvaX+1l4GQTuBNzDtHn+Z
55DBQLkDWJWHXSLtWkzwcxoluGs+BAnWm+XfLLhjTZxW0EXtuQWw3A8jkEmHNsYu
/DR1A33MrvHj7RnkSzqNoA3YfY+0hHSqtlDAyntzbX3bzuJK1u/3zZrlcrvQxIBa
T1u4KLf9WbT35fgm45RQKSb29BgjIMnJgGdWmanEApK+vRJz/+5ShFP/SkurZh0i
VarlDoDaC6d8hEeF/XfZYMw7BpBnPqz7Pqie9OHsUTmlQazyqPihkBJkzPsEJ1ug
2GkyJ+Lhdc/KR3tFYEWdvC9FaTn5af8tsr17VrCim3MQTV2CR97dOWyiowARAQAB
AA/9EHz5SfwsI+Km+VDpd5ZlXLyFJY2VtqfeCGylcgntyC//7JecSUqt6yh2JSXI
FwcEmGJZs+4FSkxq/JoAmpXsN6SV1S6kyTYLb/yY6DAfKxu/7jxmfEAEzx4MpBDo
RrYIKxRJypw9W7Ltee9KFzo4p3WYH8xEOPlN6JhssuyAvny2IL+6Qh2YvrNDvMqI
X4Qv6+9tMOElQ+Ry0Nba4nw3gM+llzNk9bUoV2d2eJtU2G+HippJxbaz+FXzekKK
xEH4c0FK/RNxxt3JIRD4GhVeNJZ3LkmChftXG8N+H2bVi10O7mWyRRahFu+nB64u
0nDfI9S6s7Gz8Od1X4KDOchsijrpfmCeh9YIGc039lItEbN01DW4QCza7/FwP0zw
rZG7zvjTl6lM3y/7bI67bV6QcuUiFunyyKfrmLA9F7VABkitm5sZq02SIoyg2+oL
s9Yk89Ep5n9A1J1BH7hDi6jz+/4V4poegyM+0Wg7tOP8MbXD70T2uroOwHLs1WUp
Z9oqGa/XCUVwGyqEsq2+viGvzOFKP5r2HpvLcio0TgX7Kb+z20R6rP/nJUDBx6vx
/Hk0+9V05B2OWQfegIfA0c6xLasu2DbT5/Adb2Byyl/4M368AFBHMxZ2V8j6TAfb
5pK9OHfW+anN2nl+4zf/QOq7czhhdC2kGSPib0sSjI6e0+UIAONvJbLMRtSL4QGY
U6b11yerSaz4g98qv3xTIJz28guGmCW1mS98tggFpcZqXtVk//FwEw2rd1KuQVZh
bLchoVHv5sPJfU8hExIO9uPW60V9l0kOly+C/oH9lIazmWAYoglo7v7JVJpfHWIW
mbbmTlHcEfesAe8WEvsyCCmgTPZT4QC2HgC+/ZAycIq8SInaKBFS92aVDCVYaEbw
aHKaX3aYXxG1Aftd2Wpl+9SAdFo9jxxzXsYg7SVCk2DV4J2Jl6MOkWlzpLfq4LfR
oqvVR7F1TR+x95aBFkPPOTbxj9WCv7hNU+0zwWMqeoNoarbXJteGAcQIrcNMrq1R
KOAUptcIAOmRh3HzOIe+d1Xm+hlOfpogdZMt9uKD5/CVVnh32EdkNOzjapbXTE0W
pFnXaCSatR9DGafngL/fRPYIoPD0UNPy6vcdg1TDWCwC7Vh7v5Alp8bGouKHK8fR
fkkN1agjFRdBbmJPsEpEkKJKsxOg90l/XZ21tZGtw/fAyVAX9fNbCDfUbqZ7jyyZ
XgJnq0TEp8fryIsX8g/xy4l690EuBglzlqSW2pdNHI6L9rwyJWFYi16JQZTSKSvt
VOxZi/eFNtbmlOfRExhNqPE3xJM+fe5YNxPg2YZEUhk27dLeAqqc85+wcObGaMvp
Q2xH0Kz65+LnQHV5u8o3NjGH/t31RRUIAIQJComBlJaS0gTpPndQb4StDAy4Qd1Y
CPWuhhOzNA8hwW3rq8MWjkVOR7VSWGtDIcccYydsJj09QzYWgaRFxynGkcjiC0oE
NRq+U+BuSSWhtWVfEsalWkyTdrbyNH53KIUB1MO56/xPaGRpGFj+nl1oWF6XUnGQ
zMiFBS1fLYQrHBiZ+JPnCwhhbRRLgGRyX33tH2oGZ8ga63cgfBWjiH6Aso4KLFeo
kvz/qAs8Rx2Px84I9F2f0lBEGO///Zri/hFoR+4sPez1M5StydhiXXKfJLFBWPuW
uTB9NYexrXK3VSXj388pvOHzl/l/wYD2Jj4gtqW5U3NP67b9+J6cifSS0rQQVGVz
dCBLZXkgMSA8bkBhPokCNwQTAQIAIQUCXH1Q4wIbAwYLCQgHAwIGFQgCCQoLAxYC
AQIeAQIXgAAKCRDgTJMpR52QBlv5D/sGKxPGYHJZD5jwkMdIPt/Q0tiuslY9ur6o
+6g8MkiRxd48xM1Qu9jGBYhc+MjXeM9p3SxLg0qTtIV6Ut3XvBGYE5ukzMFKx6tP
jCHsZ+bYqzxJdJXM5wlaIS+++0wJjqoGJcUZt5+Lbt4uzdjTw3LwED4jkV1ovvzV
IVCDeGPm8KuCw3ebhnPfSoJwpsOKX7Fg+reJXa+43ORS0TbsODX53qS3rSlxbELB
LKAvq8BXUjOHz178O/1MfTiEcCJtjLgkDR3eI7ICIVPMZ5WYtWjtmciAei6oqKHN
ZTPR9eZ86MWBaSAXj7fcOQDX2oD1+rNqZZv3tV37Fh6U5J+QRqvXn0W7IvFzw/7Z
5zWeT0sJ+gx6mNmVUvfP6kGNELxb8HpiX7xiFc5R8yOM8iDxC/NkMrMyq70chYaT
vqkpWHIowOpuAjCPbWpxjbZL8/L7bbOOeBJH6Z6lyC1EQNoWVkGeb8z80781GtIs
J0jWmxftvn8Pp4Vu30DTdOl+F1v6C3lekxT4v+m6/P1afzJq3rCyRlFxvMY+qiiR
IIbomVXFHP6o9nfOp6lf5HFaYHIvtRUDTMfgCNWQ25kyodM9WOnoY0fcGm4eAk0n
VvAN6Mqy3eyS+eiuGXmAjA5If8IjLnzv+WWcqtRtUoOWTV8qQa/No33lKP06eFNl
4lzuhxaXg50HGARcfVDjARAA52HZu1m37gPMhbavVrmSeNOCGzGLjvfmkXgW6RKD
+U1lpYo1eApmWe9+oqUAwog4C1liao/dBd55CI6p3l34qjKYZV9HvpSnkhNZXT+a
gMxexcU86U+Y3tCullcGyAkVehmQ9juBTrkD3IgXh+8u19GQo046AhuZTbDmEsKu
q7nCu0WOVKFZLcCqtpctOrcXw4HdTjS7viONtqm5us1SipECZmSIbFYI50YVoXiO
xtZDk6XgKm7vEF6XBUSOdCVCqtUYk9R/5DfYir74fZBOK9iPqje4UUtpuUwFH1IH
Sf4cD6LcZY18pdYOI0l3CbucQ3go5ydOgBFMsTSrRSX0lxytmT+2LQEPTJry+H39
RWN4LWJ/twGwSh73gucsvT7UyIKlxeeyEUWmjEWyg3Fr8tv+JBnr1wMSvMEiZ3ph
h2wdPh041Je7aZt0cvZJT6fEBGyu/fkm0IEeZQKN1gtjpVS1NSkUeCktklQczuVS
9TxLM8Ciu7FKPykHU2oFIyzJAqE7IYzO7Az5Haf8wuP4LEWCKnUuoipp2obmvPmX
GK3WFJnTR+i24Asa+U3DkAEaNzvVSMNLVLexXvMLr5mNtIch2ZlW2uRWE5BO47Bt
01HZ+q5ZgPf3MLsNNtKJF3wZC0+bEfg9PX7XD8p3Pj+CkqhEr7EZlgJYrcHoDg1f
IGMAEQEAAQAP/2wq4NxGUYd6DCs4X5jF8RT+H9UxoMHp30aDIwa7iqnJxmqQhXWE
OxvxK7zCMWw/vR+FHk6dyaA8RE29T+kt+hkqxPajB8mu+fV+iSjgGoz6vZVsIxEZ
DmifmvaaYYezQ3CMsimCYO1Z7dWzY3i/VqE7DYhighjJKS5aM/xyObD7Cu98UVD8
CtIqP0RTwSexP3E87SXp3hjByzao+rQ610sDBmGyvtoSkF/58hPF5c1LjlTgVz7P
FICND8G9LnFal+N/8ljtnwokF12pcEZW50x1FZhoKwkKHbcrtDtToCe1nQ2sP6dT
8QEf5AUYC4enxqH98vU4+WhCbh1rd2PAnioA3hAvQVsqLg0vOPKhH9o/1ZEy90jR
Kn/VBaSpwnsFxhf8M7F6jt3wX5l0jKkTUIFaXLJTlOSlNgif5FxQ1Nn0l4KzYqo7
9JDcrns7ONSrGN6SvGbhNu3Wy/pyaFMNWDB3Fxd7a5tnSs1qa1A1HlhJGCP+AMz0
7snE5bTeZOG5rpyV+NGq8pruHGNcVBF/jHbnfuteqB5E9rfi23Igbr2YWlGicj3Q
qCSFIQkb3w7vPcAL2nNI0PvW1aorHNT4Q4g+TElmWub86MSENX+LkzdVDmi1JdQl
q5VIBSinjAs+y3N946FH8PFhNpNvG+1To8x42kE2Yvw73Snky78mEgu9CADqgLIm
s44f/SIYa0vI+tb1S5nUIbyZJyXULcof4eqeCq8eAyVUd64nPUdD+QmZryTrXshm
DWtvr38n9WcT0NyB50RThpm1nJ1Br9uoZrZeMPFpfwJU6oTHNfvER4leM1O8eTa+
OSY3WfJaPosOOZdsV/bmi6F3IVkpZ1wGm8NHFGquzaZ+r38oBHeP5pEC/s1ABkS2
BoemhqZHeFqWqgKFQifsmw/JSnWnaLJK92qg7hAYs/aQ11IvMEI+A3UWTjzwB3yq
mJHcERJwkldtgrTQDg5Ga/hDTsraDv+lGH6BiMXvR565AUNumJBYnCQpB9QNJOAH
0UEGKOJT4wU5Mn8PCAD8l+xL56g+5nqhj+1dCkHyZKsdbSqlid93KEdB/LxXUxPQ
KxvjM9UEvN7ZCg7X1ClfxDJ+aTMJGAxjPDc3kzSUte8AXoERDEmdObO8u3lKIT39
TzHrb8mt4qss6cjkXCJBwo35Ql1uNG3RlDX9uSRlaANZt9JoSSd6HMMEhooX6ZeL
krRZNapPySYdgYnqDH1VEv3pNQn3RLAfGZTrQpDdzpHSdUkDyYF6dQG2jcWTANac
nWHcp2JSNnHmeji1AJo43+q6l6dXYC2QePS3X/Vuk4c0XTTZ8YpmroVZJJ7JkV4N
XVrCg57mkfEIFeGRnP+EOkCiYhmkxx6mQLqFIIltB/93z0sWF/laXKhAowLDFI0F
du1a3rIkzkyBlXIizCdYZGAfS6+7uAm0KUQuH2JlyIjJDBYWiAeZG27cAr9ltWCx
8jreSwsET8qVUmOpswbKHUESQ9CIPtM2orhQPqXKPxnxPiYx79NTopKPy2r7LAtc
vz0dzpXI39BgqbTFttIPOIIvTjCHEHnutF4zfrkfqKfUWccJrAZjClG02rbPuwRV
uaVtrfv7L6mCW79c78XieCIzEOZWMoWgIM5nx9EekHo9eBGD0eOue7X6PXOgOzw9
de9PR6QbUxqdT3rySzbY8l/ViEEs5h5Jxg+4emZEPzZOkHSrJDs3ZKnlsrLdwy89
bBmJAh8EGAECAAkFAlx9UOMCGwwACgkQ4EyTKUedkAYEWQ//bEASOho/LjlmEDqg
G8kAr26jQX0dTtGQlU9QNC9UCRD4Uw0WCTN2LYdU4rURvqv8Uc/Zv0wyKtV4T1Qc
T6JO9HtR81n1Mox3EMHqVRvjJUhEFv+vGTzs0M8JU08DuBifISozi1Us68cuj/QH
XpxllBpJ+FdsLDar4/LTh1LD8fYJMKoVAYJhxIyTx4muNG60r43jc3sUFGkfobYW
zG0nM9LQSYP35qNBWdHjvMmGmSQARMzPmLnpF/EY2Qmm96rzXKVrzdzr5aukigym
QnJSnjT+Wg2h4wA0KVLaGt6HtyHXIVmH/ASNDb5PnF7r+HbNjpvge454quS0rh2J
LgeoRY7WZCkC9twBLa5xKa7rasPTR0aqnoo4+anxscbx0hn07zFRF2Gsla1A84yY
f1VcV9HRX66Uf9CxK5BpnMFcygTOZNp1mZK8NSYi/V756vXDScSGBUA732rT42/v
TIowMCRKcIZkPAgveDnX5nrAx+F6GqsLKQ4Z6WhvjveFDi1J6oMvGR5thw7YpAzO
oc9+49bG/G7FvlbC+lppiEkEhJrVlLgpyKnY7Sr6jS4Lo5J1gfq+QwV+GKtAaPFb
ywZFPxm5drKGK+iyO9WcHcZgMBVBueMVPdVodI9ghIHdcUHSTIq8Um2Ats230Ic5
kBetIPcAkV2CQ41N/JFsX/lHD7E=
=+Zl9
-----END PGP PRIVATE KEY BLOCK-----









Signing an encrypted file


During this project, I tested a particular combined operation:
1) Encrypt a message to key A
2) Sign the encrypted message file using key B

An example of its use: B encrypts a message to A's public key. B then signs this message. A knows that the message comes from B, but cannot prove this to a third party without sharing A's private key. B's authorship is therefore plausibly deniable.

This could be used for a chat channel. It would allow recipients to be sure of a statement's authorship, but the author does not have to worry so much that absolutely everything he says might be held against him in the future.

Exception: One of the recipients is willing to burn his private key (or rather, this particular private key - he might have several), by publishing it along with a set of messages from the sender, in order to incriminate the sender in some way.

Alternative approach for assuring authorship in a chat channel:
- Create a new key to be used for chat.
- Delegate chat authority to it via a signed statement (which should clarify the noisier nature of whatever is signed by this key - people should e.g. trust that your published articles carry greater weight than a chat statement).
- Never type anything for which you aren't willing to take responsibility (this means not breaking the taboos or attacking the sacred cows of your culture unless you can defend yourself effectively from that culture via e.g. lawyers and/or bodyguards).

Example of using GPG to perform this combined operation:

[spiano@localhost work]$ ls -1

message.txt

[spiano@localhost work]$ cat message.txt

hello world

[spiano@localhost work]$ gpg --encrypt --recipient BA9A077B050C3FC064597E7C98D3EFEDE4D7C711 --armor message.txt


[spiano@localhost work]$ ls -1

message.txt
message.txt.asc

[spiano@localhost work]$ cat message.txt.asc

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.10 (GNU/Linux)

hQIMA277c+dPbf7sAQ//R64Ql6UJKdeL3bHrmC6I6/nPmoBGTIR8ar3OpZ6lHAdg
TZ9vpW4HRTU8aUFFNzUAMG9tPlE4j0POfrXztXMv742jEToiPPV4wIrDnpWlqJ6+
lDunCkUvuHcg6BY/81ukmQ1ToH47M4q5s90UrK/MviAW+WxbDSVbnMIXMqf04rBo
FpAVdCcO8Uh0ndTzs9DVzFc9G6eJb0SwJMLndwXUkLHK7ftmlieC8ArjIy8qbKnH
9Ef4PIhid+DIToVG55LpNmrBc4FKbVkuaPf/8t0p0PGwlqYL8sPtyNQgQzxLqOFt
h3C8cbd3OT6i4710/U8VQYwyxbEa/kbCo99f3WgIF6Yy+QtjBVRDj1LBqhjWTeQP
O3vO0T7PfWCBnHm22ZaG4qQSh2y4+5U8W9VJI1SSuCvj99vIB1IwgX2EI5Jv/tvY
vJx9VBntrvTaVjnnBOJtBjjwvcQHF9ieWAOKQOP5i8JrHXh2yJqTeWQgWMgB9KkK
pZW6YExYDXD9tcpXg50xXqqJ92LR0lGRJOtguZ5ZsG5/5kznc6FAbmM2KfkOS7yr
n3y01lBqBxzp3Cn7bHgrQTa0V4LWmSsiDjxTKWyzw9xKBpsfcrshlRQk1EvN1/xw
GKFq83zyqXVoH2NSsgz2787sOL+QmgHAZ+qgeIUTbTi0SD9bXu+kseYQizNZk0PS
UgFzhnCDJMX1ROa9O2UBOOQ/Mc/utW+x65tykBW8vkCaKLEhaX6rzYMHigrRXQC3
b1Exhrqfvso0MW8bM9jrvH3RrU6uAoAFD7GWmiVMQVr5j+c=
=37c6
-----END PGP MESSAGE-----

[spiano@localhost work]$ gpg --detach-sign --armor --local-user 22D2012D82FA14F44A3AC9BEE04C9329479D9006 message.txt.asc


[spiano@localhost work]$ ls -1

message.txt
message.txt.asc
message.txt.asc.asc

[spiano@localhost work]$ cat message.txt.asc.asc

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIcBAABAgAGBQJcgXI3AAoJEOBMkylHnZAGCX0P/1jkowWLbHmPlNODVyAtCWEz
6VnlMaxeK4eh2RYUnwHtAhgsl9WDZuO1HQhZ/T8Er0LVVx9BsfxHPB8ea4DaMDjf
sQIuIlV3VtD9VNV6EKWv0fgWBqAkSbAn8i4/fkR9zkD3wixCwHWROMeFJ/8B8/wl
QLKT66vr05lqO9VAaOw23EEaFl0u7hBap4q4dkdsj4/E2TllRNP95SeYMb3YNCyv
Th6w3cdqFGXaDXk+JetPrAJ0avg0ekOPNMYZmoR7y3+KyN6b8xqNNSrS/K+sLa8q
4jzXXWbkV2WGEzDLbrL3sZlmnNKWFb1uNyS2H8WH1a0sQU0NvTjGHiVa5LnsbjQG
JlIWeTXm8z5SgefKJipvo68ec9OII3O/mRr9EOYgMwJzcF3W4xjpnzxj491R6iRq
bbMPy48NlSHXlZ8P3Yw6iJ+tZC9yI2mctSklv5VdR2zwDzfkuoqdb6buz0dXK95z
drHZq8AylUsUwV4gdbzcjoaFhIsrOhsN0lNdoOxQFu8jk5gTaASccS4hGXrL3ygJ
CZCa9vkjMuFZDh4JarMDoCpniuROP9UxDc+qo6L/yBOqlM7bGa9eErq9XPejJ/t9
TBwPTqFbTo5J7d3NhN3dKXRzjoyq4TGbogT/+67BpeFQr4pG4lyj5DSJ0/OXoPn5
Xr2R+W1ghUnqZU74W/5M
=nXMi
-----END PGP SIGNATURE-----

[verify signature]
[spiano@localhost work]$ gpg --status-fd 1 --verify message.txt.asc.asc message.txt.asc

gpg: Signature made Thu 07 Mar 2019 07:34:15 PM GMT using RSA key ID 479D9006 [GNUPG:] SIG_ID JrK3OaIyD6Zl5rh2gKYW5SLa+xs 2019-03-07 1551987255 [GNUPG:] GOODSIG E04C9329479D9006 Test Key 1 <n@a> gpg: Good signature from "Test Key 1 <n@a>" [GNUPG:] VALIDSIG 22D2012D82FA14F44A3AC9BEE04C9329479D9006 2019-03-07 1551987255 0 4 0 1 2 00 22D2012D82FA14F44A3AC9BEE04C9329479D9006 [GNUPG:] TRUST_UNDEFINED gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 22D2 012D 82FA 14F4 4A3A C9BE E04C 9329 479D 9006


[test detached signature against Test Key 1 fingerprint]
[spiano@localhost work]$ gpg --status-fd 1 --verify message.txt.asc.asc message.txt.asc 2>&1 | grep 22D2012D82FA14F44A3AC9BEE04C9329479D9006 | wc -l

1

[test detached signature against Test Key 2 fingerprint]
[spiano@localhost work]$ gpg --status-fd 1 --verify message.txt.asc.asc message.txt.asc 2>&1 | grep BA9A077B050C3FC064597E7C98D3EFEDE4D7C711 | wc -l

0

[decrypt the encrypted message file]
[spiano@localhost work]$ gpg --decrypt message.txt.asc

gpg: encrypted with 4096-bit RSA key, ID 4F6DFEEC, created 2019-03-06 "Test Key 2 <n@a2>" hello world







Some notes concerning GPG key IDs


The following excerpt comes from the previous article Offline installation of a C compiler on Centos 6.9 Minimal on Kalkin. It is the "4) OpenPGP Keys" part of the Discoveries section.

4) OPENPGP KEYS

Key formats:
- There are two versions of key-material packets. Version 3 packets were first generated by PGP 2.6. Version 4 keys first appeared in PGP 5.0 and are the preferred key version for OpenPGP.
- V3 == Version 3
- V4 == Version 4
- V3 keys are deprecated.
- The key ID of a V3 key is the last section of its public modulus.
- The fingerprint of a V3 key is the last section of a hash of several pieces of information, one of which is the key.
- The fingerprint of a V4 key is the last section of a hash of several pieces of information, one of which is the key.
- The key ID of a V4 key is the last section of its fingerprint.
- If V3 and V4 format keys share the same RSA key material, they will have different fingerprints and different Key IDs.
- An implementation of RFC 4880 (e.g. GPG) should only create V4 keys. It may accept V3 keys.
- Older combinations of rpm and gpg expect V3 keys and signatures.
- For V4 keys, the short key ID is the last half of the long key ID.

Key IDs:
- Key IDs are short "names" for keys, shorter than the fingerprint or the modulus. They are used for convenience, as less typing/reading is required and they are more human-intelligible. However, they are less secure, because another key with the same key ID can be generated (on purpose or by accident).
- A short key ID, e.g. A4FF 2279, is 8 hex characters. Each pair of hex characters represents one octet (8 bits), so the short key ID consists of 4 octets (32 bits).
- A long key ID, e.g. 4E1F 799A A4FF 2279, is 16 hex characters. It therefore consists of 8 octets (64 bits).
- GPG has trouble handling two keys that have the same key ID.

The short key ID can be viewed by running:

gpg /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6


The long key ID and the fingerprint of a key can be viewed by running:

gpg --with-fingerprint --keyid-format long /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6


User IDs:
- A user ID is some text that is a human-readable identifier for a key's user.
Example: Heinrich Heine <heinrichh@duesseldorf.de>
It is of course easily forged (someone else can simply create a key or a message with the same user ID text). Digital signatures should be used to prove that a user ID is attached to a particular key/message.





















PROJECT LOG





In a previous project, I installed GPG 1.4.10 on CentOS 7.6 on my computer Shovel.

Link:
Installing GPG 1.4.10 on CentOS 7.6

System details:
- Name: Shovel
- Specifications: HP 6005 Pro SFF. 3 GHz x86_64 processor (AMD II x4 B95 Quad Core), 4 GB RAM, 1 TB hard drive. Running CentOS 7.6.1810 (Core).
- More information: New computer: Shovel
- Installed items: GCC 4.8.5, Make 3.82.



[spiano@localhost ~]$ gpg --help

gpg (GnuPG) 1.4.10 Copyright (C) 2008 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Home: ~/.gnupg Supported algorithms: Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256 Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224 Compression: Uncompressed, ZIP, ZLIB Syntax: gpg [options] [files] sign, check, encrypt or decrypt default operation depends on the input data Commands: -s, --sign [file] make a signature --clearsign [file] make a clear text signature -b, --detach-sign make a detached signature -e, --encrypt encrypt data -c, --symmetric encryption only with symmetric cipher -d, --decrypt decrypt data (default) --verify verify a signature --list-keys list keys --list-sigs list keys and signatures --check-sigs list and check key signatures --fingerprint list keys and fingerprints -K, --list-secret-keys list secret keys --gen-key generate a new key pair --delete-keys remove keys from the public keyring --delete-secret-keys remove keys from the secret keyring --sign-key sign a key --lsign-key sign a key locally --edit-key sign or edit a key --gen-revoke generate a revocation certificate --export export keys --send-keys export keys to a key server --recv-keys import keys from a key server --search-keys search for keys on a key server --refresh-keys update all keys from a keyserver --import import/merge keys --card-status print the card status --card-edit change data on a card --change-pin change a card's PIN --update-trustdb update the trust database --print-md algo [files] print message digests Options: -a, --armor create ascii armored output -r, --recipient NAME encrypt for NAME -u, --local-user use this user-id to sign or decrypt -z N set compress level N (0 disables) --textmode use canonical text mode -o, --output use as output file -v, --verbose verbose -n, --dry-run do not make any changes -i, --interactive prompt before overwriting --openpgp use strict OpenPGP behavior --pgp2 generate PGP 2.x compatible messages (See the man page for a complete listing of all commands and options) Examples: -se -r Bob [file] sign and encrypt for user Bob --clearsign [file] make a clear text signature --detach-sign [file] make a detached signature --list-keys [names] show keys --fingerprint [names] show fingerprints Please report bugs to <gnupg-bugs@gnu.org>.





List of commands / operations that I consider basic:
- create key
- display key
- display all keys
- delete key
- export key
- import key
- export ASCII-encoded key
- import ASCII-encoded key
- sign using a specific key, producing a detached signature
- verify a detached signature, using a specific key
- verify an ASCII-encoded detached signature, using a specific key
- sign using a specific key, producing an ASCII-encoded detached signature
- encrypt a message to a specific public key
- decode an encrypted message, using a specific private key
- display fingerprint for a specific key
- display fingerprints for all keys
- use a fingerprint to retrieve the corresponding key

Note: Also, find out where GPG stores data i.e. the keys.


During a previous project, I learned that GPG fingerprints are not necessarily unique. Nonetheless, as a first pass, they can be useful for distinguishing between keys or looking up a particular key.

Link to previous project:
Offline installation of a C compiler on Centos 6.9 Minimal on Kalkin
- See the Discoveries section, part 4) OpenPGP Keys.



I'm going to see if I can find ways to perform all these basic operations. I'll search and read about GPG in the course of this project, in order to find possibilities for testing, but I'm not going to cite every source.

There's a particular combined operation I'm interested in:
- Is it possible for 1) a message to be encrypted to key A, and 2) the encrypted message to be signed by key B?
This would allow key B to send a secure message to key A, where A could be sure that it came from B, but B could plausibly deny (plausible to third parties) sending the message to A. A could not prove to other parties that B signed the message without revealing A's private key.
I know this operation is theoretically possible (all messages are byte strings), but is it possible using GPG 1.4.10?




Ok, number 1: create a key.

Note: A GPG 'key' is really a keypair: A private key and a public key.



[spiano@localhost ~]$ gpg --gen-key

gpg (GnuPG) 1.4.10; Copyright (C) 2008 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Please select what kind of key you want: (1) RSA and RSA (default) (2) DSA and Elgamal (3) DSA (sign only) (4) RSA (sign only) Your selection? 1 RSA keys may be between 1024 and 4096 bits long. What keysize do you want? (2048) 4096 Requested keysize is 4096 bits Please specify how long the key should be valid. 0 = key does not expire <n> = key expires in n days <n>w = key expires in n weeks <n>m = key expires in n months <n>y = key expires in n years Key is valid for? (0) 0 Key does not expire at all Is this correct? (y/N) y You need a user ID to identify your key; the software constructs the user ID from the Real Name, Comment and Email Address in this form: "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>" Real name: Test Key 1 Email address: n/a Not a valid email address Email address: n@a Comment: You selected this USER-ID: "Test Key 1 <n@a>" Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o You need a Passphrase to protect your secret key. You don't want a passphrase - this is probably a *bad* idea! I will do it anyway. You can change your passphrase at any time, using this program with the option "--edit-key". We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. +++++ .........................+++++ We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. ..........+++++ ..+++++ gpg: key 479D9006 marked as ultimately trusted public and secret key created and signed. gpg: checking the trustdb gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u pub 4096R/479D9006 2019-03-04 Key fingerprint = 22D2 012D 82FA 14F4 4A3A C9BE E04C 9329 479D 9006 uid Test Key 1 <n@a> sub 4096R/36BDD5FA 2019-03-04




Let's summarise my choices during key generation:
- 1) key type = "1" (RSA and RSA)
- 2) key size = "4096"
- 3) expiry period = "0" (never)
- 4) confirm expiry period = "y"
- 5) real name = "Test Key 1"
- 6) email address = "n@a"
- 7) comment = ""
- 8) confirm real name, email address, and comment = "o"
- 9) passphrase = ""
- 10) confirm passphrase = ""

I didn't perform any action while random bytes were being generated.

Note: GPG insisted on generating a passphrase even though I chose not to.
Question: If I (the user spiano, presumably) can change the passphrase at any time, what protection does it provide (right now)?
Question: Will the passphrase prevent me viewing / exporting the key?

In the output, the words "pub" and "sub" suggest "public key" and "subordinate key". I recall that I have read something about a GPG key actually containing two keypairs, one for signing and one to which encrypted messages are sent.

In the output, "479D9006" and "36BDD5FA" should be short key IDs. Note that the public key's short key ID is the last 8 characters of the fingerprint.


Test Key 1 fingerprint:
22D2 012D 82FA 14F4 4A3A C9BE E04C 9329 479D 9006




Next: How to display keys.



[spiano@localhost ~]$ gpg --list-keys

/home/spiano/.gnupg/pubring.gpg ------------------------------- pub 4096R/479D9006 2019-03-04 uid Test Key 1 <n@a> sub 4096R/36BDD5FA 2019-03-04




Aha. Looks like GPG stores in data in:
/home/spiano/.gnupg
and stores the public keys in:
/home/spiano/.gnupg/pubring.gpg




[spiano@localhost ~]$ ls -1 /home/spiano/.gnupg

gpg.conf
pubring.gpg
pubring.gpg~
random_seed
secring.gpg
trustdb.gpg



[spiano@localhost ~]$ gpg --list-keys "Test Key 1"

pub 4096R/479D9006 2019-03-04 uid Test Key 1 <n@a> sub 4096R/36BDD5FA 2019-03-04



Some reading indicates that, in GPG commands, I can use a key ID, fingerprint, real name, or email address to refer to a key.

It's best to use the fingerprint, as this has the least chance of being counterfeited. The fingerprint is a hash of several pieces of information, including the key. I note that the list-keys output includes the short key ID, but not the fingerprint. I wonder if this preference runs through the entire structure of GPG.

Some reading indicates that the fingerprint can be used with spaces (i.e. as it is printed by GPG).



[spiano@localhost ~]$ gpg --list-keys "Test Key 1"

pub 4096R/479D9006 2019-03-04 uid Test Key 1 <n@a> sub 4096R/36BDD5FA 2019-03-04



[spiano@localhost ~]$ gpg --list-keys "22D2 012D 82FA 14F4 4A3A C9BE E04C 9329 479D 9006"

gpg: error reading key: public key not found


[spiano@localhost ~]$ gpg --edit-key "22D2 012D 82FA 14F4 4A3A C9BE E04C 9329 479D 9006"

gpg (GnuPG) 1.4.10; Copyright (C) 2008 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.


[spiano@localhost ~]$ gpg --edit-key 22D2 012D 82FA 14F4 4A3A C9BE E04C 9329 479D 9006

gpg (GnuPG) 1.4.10; Copyright (C) 2008 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.


[spiano@localhost ~]$ gpg --edit-key 22D2012D82FA14F44A3AC9BEE04C9329479D9006

gpg (GnuPG) 1.4.10; Copyright (C) 2008 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Secret key is available. pub 4096R/479D9006 created: 2019-03-04 expires: never usage: SC trust: ultimate validity: ultimate sub 4096R/36BDD5FA created: 2019-03-04 expires: never usage: E [ultimate] (1). Test Key 1 <n@a>


Command> exit

Invalid command (try "help")

Command> help
quit quit this menu save save and quit help show this help fpr show key fingerprint list list key and user IDs uid select user ID N key select subkey N check check signatures sign sign selected user IDs [* see below for related commands] lsign sign selected user IDs locally tsign sign selected user IDs with a trust signature nrsign sign selected user IDs with a non-revocable signature adduid add a user ID addphoto add a photo ID deluid delete selected user IDs addkey add a subkey addcardkey add a key to a smartcard keytocard move a key to a smartcard bkuptocard move a backup key to a smartcard delkey delete selected subkeys addrevoker add a revocation key delsig delete signatures from the selected user IDs expire change the expiration date for the key or selected subkeys primary flag the selected user ID as primary toggle toggle between the secret and public key listings pref list preferences (expert) showpref list preferences (verbose) setpref set preference list for the selected user IDs keyserver set the preferred keyserver URL for the selected user IDs notation set a notation for the selected user IDs passwd change the passphrase trust change the ownertrust revsig revoke signatures on the selected user IDs revuid revoke selected user IDs revkey revoke key or selected subkeys enable enable key disable disable key showphoto show selected photo IDs clean compact unusable user IDs and remove unusable signatures from key minimize compact unusable user IDs and remove all signatures from key * The `sign' command may be prefixed with an `l' for local signatures (lsign), a `t' for trust signatures (tsign), an `nr' for non-revocable signatures (nrsign), or any combination thereof (ltsign, tnrsign, etc.).


Command> quit


[spiano@localhost ~]$







Hm. Evidently, the fingerprint should be used without spaces.

The "edit key" subsystem has many options. Are all these properties stored within the text representation of a public key?

I can't see an option for "show text representation of key".


Let's test a few of these edit commands.



[spiano@localhost ~]$ gpg --edit-key 22D2012D82FA14F44A3AC9BEE04C9329479D9006

gpg (GnuPG) 1.4.10; Copyright (C) 2008 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Secret key is available. pub 4096R/479D9006 created: 2019-03-04 expires: never usage: SC trust: ultimate validity: ultimate sub 4096R/36BDD5FA created: 2019-03-04 expires: never usage: E [ultimate] (1). Test Key 1 <n@a> Command> fpr pub 4096R/479D9006 2019-03-04 Test Key 1 <n@a> Primary key fingerprint: 22D2 012D 82FA 14F4 4A3A C9BE E04C 9329 479D 9006 Command> list pub 4096R/479D9006 created: 2019-03-04 expires: never usage: SC trust: ultimate validity: ultimate sub 4096R/36BDD5FA created: 2019-03-04 expires: never usage: E [ultimate] (1). Test Key 1 <n@a> Command> uid pub 4096R/479D9006 created: 2019-03-04 expires: never usage: SC trust: ultimate validity: ultimate sub 4096R/36BDD5FA created: 2019-03-04 expires: never usage: E [ultimate] (1). Test Key 1 <n@a> Command> key pub 4096R/479D9006 created: 2019-03-04 expires: never usage: SC trust: ultimate validity: ultimate sub 4096R/36BDD5FA created: 2019-03-04 expires: never usage: E [ultimate] (1). Test Key 1 <n@a> Command> key 1 pub 4096R/479D9006 created: 2019-03-04 expires: never usage: SC trust: ultimate validity: ultimate sub* 4096R/36BDD5FA created: 2019-03-04 expires: never usage: E [ultimate] (1). Test Key 1 <n@a> Command> key 2 No subkey with index 2 Command> key 0 pub 4096R/479D9006 created: 2019-03-04 expires: never usage: SC trust: ultimate validity: ultimate sub 4096R/36BDD5FA created: 2019-03-04 expires: never usage: E [ultimate] (1). Test Key 1 <n@a> Command> check uid Test Key 1 <n@a> sig!3 479D9006 2019-03-04 [self-signature] Command> showpref [ultimate] (1). Test Key 1 <n@a> Cipher: AES256, AES192, AES, CAST5, 3DES Digest: SHA256, SHA1, SHA384, SHA512, SHA224 Compression: ZLIB, ZIP, Uncompressed Features: MDC, Keyserver no-modify Command> pref [ultimate] (1). Test Key 1 <n@a> S9 S8 S7 S3 S2 H8 H2 H9 H10 H11 Z2 Z1 [mdc] [no-ks-modify] Command> passwd This key is not protected. Enter the new passphrase for this secret key. You don't want a passphrase - this is probably a *bad* idea! Do you really want to do this? (y/N) y Command> enable Command> disable Command> enable Command> showphoto Command> quit Save changes? (y/N) y


[spiano@localhost ~]$




I entered a blank passphrase, by pressing Enter.
I was not prompted for the auto-generated passphrase. It's possible that although GPG reported generating a passphrase automatically earlier, it actually didn't.


Well, perhaps the only way to "display key" for the entire key (rather than view GPG's display of various properties of the key) is to export it as a text file and view that.



Let's take that approach.


Test Key 1 fingerprint without spaces:
22D2012D82FA14F44A3AC9BEE04C9329479D9006



Test Key 1 short key ID without spaces:
479D9006



Test Key 1 long key ID without spaces:
E04C9329479D9006



Note: I know from prior work that the long key ID is the last 16 characters of the fingerprint.



[spiano@localhost ~]$ gpg --export "Test Key 1"


[lots of binary garble]

[spiano@localhost ~]$ gpg --armor --export "Test Key 1"

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.10 (GNU/Linux)

mQINBFx9UOMBEADPgXOY7zfS6QLGpj99bLbuLHvi7u4X0mnbBBk0GnBvMFquDV2S
LNgZSW9m0HMS6EMGUHqeVJDXNSGaCroZV90TPIO8rKXbtjGalbxYcKSMpHERJgLu
siiDsTvoLzXV+8Qti2Lt4ti+Khbm19y6hyJ4TnBM572Yykl9M7TA3TP8bwiAsYRB
xM3+kygw4NDujRw/lLCyEtXY52GSaA7QWDE13Kx+lf6g5/BL5Kk2MGVCA/sXK6XX
RRQiA8awoeJ+hkpXPwKl75LINOVS0Ite7Ry7VQK3WeEm2qriglE097bC8tCoKFgI
5Jok23KuhypImBR8K+B1zpOPAEi0tL9xa06rnwZLd+wIvaX+1l4GQTuBNzDtHn+Z
55DBQLkDWJWHXSLtWkzwcxoluGs+BAnWm+XfLLhjTZxW0EXtuQWw3A8jkEmHNsYu
/DR1A33MrvHj7RnkSzqNoA3YfY+0hHSqtlDAyntzbX3bzuJK1u/3zZrlcrvQxIBa
T1u4KLf9WbT35fgm45RQKSb29BgjIMnJgGdWmanEApK+vRJz/+5ShFP/SkurZh0i
VarlDoDaC6d8hEeF/XfZYMw7BpBnPqz7Pqie9OHsUTmlQazyqPihkBJkzPsEJ1ug
2GkyJ+Lhdc/KR3tFYEWdvC9FaTn5af8tsr17VrCim3MQTV2CR97dOWyiowARAQAB
tBBUZXN0IEtleSAxIDxuQGE+iQI3BBMBAgAhBQJcfVDjAhsDBgsJCAcDAgYVCAIJ
CgsDFgIBAh4BAheAAAoJEOBMkylHnZAGW/kP+wYrE8ZgclkPmPCQx0g+39DS2K6y
Vj26vqj7qDwySJHF3jzEzVC72MYFiFz4yNd4z2ndLEuDSpO0hXpS3de8EZgTm6TM
wUrHq0+MIexn5tirPEl0lcznCVohL777TAmOqgYlxRm3n4tu3i7N2NPDcvAQPiOR
XWi+/NUhUIN4Y+bwq4LDd5uGc99KgnCmw4pfsWD6t4ldr7jc5FLRNuw4NfnepLet
KXFsQsEsoC+rwFdSM4fPXvw7/Ux9OIRwIm2MuCQNHd4jsgIhU8xnlZi1aO2ZyIB6
Lqiooc1lM9H15nzoxYFpIBePt9w5ANfagPX6s2plm/e1XfsWHpTkn5BGq9efRbsi
8XPD/tnnNZ5PSwn6DHqY2ZVS98/qQY0QvFvwemJfvGIVzlHzI4zyIPEL82QyszKr
vRyFhpO+qSlYcijA6m4CMI9tanGNtkvz8vtts454EkfpnqXILURA2hZWQZ5vzPzT
vzUa0iwnSNabF+2+fw+nhW7fQNN06X4XW/oLeV6TFPi/6br8/Vp/MmresLJGUXG8
xj6qKJEghuiZVcUc/qj2d86nqV/kcVpgci+1FQNMx+AI1ZDbmTKh0z1Y6ehjR9wa
bh4CTSdW8A3oyrLd7JL56K4ZeYCMDkh/wiMufO/5ZZyq1G1Sg5ZNXypBr82jfeUo
/Tp4U2XiXO6HFpeDuQINBFx9UOMBEADnYdm7WbfuA8yFtq9WuZJ404IbMYuO9+aR
eBbpEoP5TWWlijV4CmZZ736ipQDCiDgLWWJqj90F3nkIjqneXfiqMphlX0e+lKeS
E1ldP5qAzF7FxTzpT5je0K6WVwbICRV6GZD2O4FOuQPciBeH7y7X0ZCjTjoCG5lN
sOYSwq6rucK7RY5UoVktwKq2ly06txfDgd1ONLu+I422qbm6zVKKkQJmZIhsVgjn
RhWheI7G1kOTpeAqbu8QXpcFRI50JUKq1RiT1H/kN9iKvvh9kE4r2I+qN7hRS2m5
TAUfUgdJ/hwPotxljXyl1g4jSXcJu5xDeCjnJ06AEUyxNKtFJfSXHK2ZP7YtAQ9M
mvL4ff1FY3gtYn+3AbBKHveC5yy9PtTIgqXF57IRRaaMRbKDcWvy2/4kGevXAxK8
wSJnemGHbB0+HTjUl7tpm3Ry9klPp8QEbK79+SbQgR5lAo3WC2OlVLU1KRR4KS2S
VBzO5VL1PEszwKK7sUo/KQdTagUjLMkCoTshjM7sDPkdp/zC4/gsRYIqdS6iKmna
hua8+ZcYrdYUmdNH6LbgCxr5TcOQARo3O9VIw0tUt7Fe8wuvmY20hyHZmVba5FYT
kE7jsG3TUdn6rlmA9/cwuw020okXfBkLT5sR+D09ftcPync+P4KSqESvsRmWAlit
wegODV8gYwARAQABiQIfBBgBAgAJBQJcfVDjAhsMAAoJEOBMkylHnZAGBFkP/2xA
EjoaPy45ZhA6oBvJAK9uo0F9HU7RkJVPUDQvVAkQ+FMNFgkzdi2HVOK1Eb6r/FHP
2b9MMirVeE9UHE+iTvR7UfNZ9TKMdxDB6lUb4yVIRBb/rxk87NDPCVNPA7gYnyEq
M4tVLOvHLo/0B16cZZQaSfhXbCw2q+Py04dSw/H2CTCqFQGCYcSMk8eJrjRutK+N
43N7FBRpH6G2FsxtJzPS0EmD9+ajQVnR47zJhpkkAETMz5i56RfxGNkJpveq81yl
a83c6+WrpIoMpkJyUp40/loNoeMANClS2hreh7ch1yFZh/wEjQ2+T5xe6/h2zY6b
4HuOeKrktK4diS4HqEWO1mQpAvbcAS2ucSmu62rD00dGqp6KOPmp8bHG8dIZ9O8x
URdhrJWtQPOMmH9VXFfR0V+ulH/QsSuQaZzBXMoEzmTadZmSvDUmIv1e+er1w0nE
hgVAO99q0+Nv70yKMDAkSnCGZDwIL3g51+Z6wMfhehqrCykOGelob473hQ4tSeqD
LxkebYcO2KQMzqHPfuPWxvxuxb5WwvpaaYhJBISa1ZS4Kcip2O0q+o0uC6OSdYH6
vkMFfhirQGjxW8sGRT8ZuXayhivosjvVnB3GYDAVQbnjFT3VaHSPYISB3XFB0kyK
vFJtgLbNt9CHOZAXrSD3AJFdgkONTfyRbF/5Rw+x
=vmax
-----END PGP PUBLIC KEY BLOCK-----




I have a project directory named "testing_GPG_1.4.10".

Within it, make a new work directory named "work".

In the terminal, change directory to this new work directory.




[spiano@localhost work]$ gpg --armor --export "Test Key 1" > test_key_1.txt


[spiano@localhost work]$ gpg --armor --export 479D9006 > test_key_2.txt


[spiano@localhost work]$ gpg --armor --export 22D2012D82FA14F44A3AC9BEE04C9329479D9006 > test_key_3.txt


[spiano@localhost work]$ diff test_key_1.txt test_key_2.txt


[spiano@localhost work]$ diff test_key_1.txt test_key_3.txt


[spiano@localhost work]$ rm test_key_2.txt test_key_3.txt


[spiano@localhost work]$ ls

test_key_1.txt

[spiano@localhost work]$ cat test_key_1.txt

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.10 (GNU/Linux)

mQINBFx9UOMBEADPgXOY7zfS6QLGpj99bLbuLHvi7u4X0mnbBBk0GnBvMFquDV2S
LNgZSW9m0HMS6EMGUHqeVJDXNSGaCroZV90TPIO8rKXbtjGalbxYcKSMpHERJgLu
siiDsTvoLzXV+8Qti2Lt4ti+Khbm19y6hyJ4TnBM572Yykl9M7TA3TP8bwiAsYRB
xM3+kygw4NDujRw/lLCyEtXY52GSaA7QWDE13Kx+lf6g5/BL5Kk2MGVCA/sXK6XX
RRQiA8awoeJ+hkpXPwKl75LINOVS0Ite7Ry7VQK3WeEm2qriglE097bC8tCoKFgI
5Jok23KuhypImBR8K+B1zpOPAEi0tL9xa06rnwZLd+wIvaX+1l4GQTuBNzDtHn+Z
55DBQLkDWJWHXSLtWkzwcxoluGs+BAnWm+XfLLhjTZxW0EXtuQWw3A8jkEmHNsYu
/DR1A33MrvHj7RnkSzqNoA3YfY+0hHSqtlDAyntzbX3bzuJK1u/3zZrlcrvQxIBa
T1u4KLf9WbT35fgm45RQKSb29BgjIMnJgGdWmanEApK+vRJz/+5ShFP/SkurZh0i
VarlDoDaC6d8hEeF/XfZYMw7BpBnPqz7Pqie9OHsUTmlQazyqPihkBJkzPsEJ1ug
2GkyJ+Lhdc/KR3tFYEWdvC9FaTn5af8tsr17VrCim3MQTV2CR97dOWyiowARAQAB
tBBUZXN0IEtleSAxIDxuQGE+iQI3BBMBAgAhBQJcfVDjAhsDBgsJCAcDAgYVCAIJ
CgsDFgIBAh4BAheAAAoJEOBMkylHnZAGW/kP+wYrE8ZgclkPmPCQx0g+39DS2K6y
Vj26vqj7qDwySJHF3jzEzVC72MYFiFz4yNd4z2ndLEuDSpO0hXpS3de8EZgTm6TM
wUrHq0+MIexn5tirPEl0lcznCVohL777TAmOqgYlxRm3n4tu3i7N2NPDcvAQPiOR
XWi+/NUhUIN4Y+bwq4LDd5uGc99KgnCmw4pfsWD6t4ldr7jc5FLRNuw4NfnepLet
KXFsQsEsoC+rwFdSM4fPXvw7/Ux9OIRwIm2MuCQNHd4jsgIhU8xnlZi1aO2ZyIB6
Lqiooc1lM9H15nzoxYFpIBePt9w5ANfagPX6s2plm/e1XfsWHpTkn5BGq9efRbsi
8XPD/tnnNZ5PSwn6DHqY2ZVS98/qQY0QvFvwemJfvGIVzlHzI4zyIPEL82QyszKr
vRyFhpO+qSlYcijA6m4CMI9tanGNtkvz8vtts454EkfpnqXILURA2hZWQZ5vzPzT
vzUa0iwnSNabF+2+fw+nhW7fQNN06X4XW/oLeV6TFPi/6br8/Vp/MmresLJGUXG8
xj6qKJEghuiZVcUc/qj2d86nqV/kcVpgci+1FQNMx+AI1ZDbmTKh0z1Y6ehjR9wa
bh4CTSdW8A3oyrLd7JL56K4ZeYCMDkh/wiMufO/5ZZyq1G1Sg5ZNXypBr82jfeUo
/Tp4U2XiXO6HFpeDuQINBFx9UOMBEADnYdm7WbfuA8yFtq9WuZJ404IbMYuO9+aR
eBbpEoP5TWWlijV4CmZZ736ipQDCiDgLWWJqj90F3nkIjqneXfiqMphlX0e+lKeS
E1ldP5qAzF7FxTzpT5je0K6WVwbICRV6GZD2O4FOuQPciBeH7y7X0ZCjTjoCG5lN
sOYSwq6rucK7RY5UoVktwKq2ly06txfDgd1ONLu+I422qbm6zVKKkQJmZIhsVgjn
RhWheI7G1kOTpeAqbu8QXpcFRI50JUKq1RiT1H/kN9iKvvh9kE4r2I+qN7hRS2m5
TAUfUgdJ/hwPotxljXyl1g4jSXcJu5xDeCjnJ06AEUyxNKtFJfSXHK2ZP7YtAQ9M
mvL4ff1FY3gtYn+3AbBKHveC5yy9PtTIgqXF57IRRaaMRbKDcWvy2/4kGevXAxK8
wSJnemGHbB0+HTjUl7tpm3Ry9klPp8QEbK79+SbQgR5lAo3WC2OlVLU1KRR4KS2S
VBzO5VL1PEszwKK7sUo/KQdTagUjLMkCoTshjM7sDPkdp/zC4/gsRYIqdS6iKmna
hua8+ZcYrdYUmdNH6LbgCxr5TcOQARo3O9VIw0tUt7Fe8wuvmY20hyHZmVba5FYT
kE7jsG3TUdn6rlmA9/cwuw020okXfBkLT5sR+D09ftcPync+P4KSqESvsRmWAlit
wegODV8gYwARAQABiQIfBBgBAgAJBQJcfVDjAhsMAAoJEOBMkylHnZAGBFkP/2xA
EjoaPy45ZhA6oBvJAK9uo0F9HU7RkJVPUDQvVAkQ+FMNFgkzdi2HVOK1Eb6r/FHP
2b9MMirVeE9UHE+iTvR7UfNZ9TKMdxDB6lUb4yVIRBb/rxk87NDPCVNPA7gYnyEq
M4tVLOvHLo/0B16cZZQaSfhXbCw2q+Py04dSw/H2CTCqFQGCYcSMk8eJrjRutK+N
43N7FBRpH6G2FsxtJzPS0EmD9+ajQVnR47zJhpkkAETMz5i56RfxGNkJpveq81yl
a83c6+WrpIoMpkJyUp40/loNoeMANClS2hreh7ch1yFZh/wEjQ2+T5xe6/h2zY6b
4HuOeKrktK4diS4HqEWO1mQpAvbcAS2ucSmu62rD00dGqp6KOPmp8bHG8dIZ9O8x
URdhrJWtQPOMmH9VXFfR0V+ulH/QsSuQaZzBXMoEzmTadZmSvDUmIv1e+er1w0nE
hgVAO99q0+Nv70yKMDAkSnCGZDwIL3g51+Z6wMfhehqrCykOGelob473hQ4tSeqD
LxkebYcO2KQMzqHPfuPWxvxuxb5WwvpaaYhJBISa1ZS4Kcip2O0q+o0uC6OSdYH6
vkMFfhirQGjxW8sGRT8ZuXayhivosjvVnB3GYDAVQbnjFT3VaHSPYISB3XFB0kyK
vFJtgLbNt9CHOZAXrSD3AJFdgkONTfyRbF/5Rw+x
=vmax
-----END PGP PUBLIC KEY BLOCK-----

[spiano@localhost work]$ gpg --armor --export "n@a" > test_key_4.txt


[spiano@localhost work]$ diff test_key_1.txt test_key_4.txt


[spiano@localhost work]$ rm test_key_4.txt


[spiano@localhost work]$ gpg --armor --export E04C9329479D9006 > test_key_5.txt


[spiano@localhost work]$ diff test_key_1.txt test_key_5.txt


[spiano@localhost work]$ rm test_key_5.txt


[spiano@localhost work]$ ls

test_key_1.txt




So: The command that performs "display key" is
gpg --armor --export [key]
, where [key] can be the real name, the email address, the short key ID, the long key ID, or the fingerprint. The email address can be used directly without quotation marks.








Hm. I find that running
gpg --fingerprint
allows me to display keys and see all of these properties.


[spiano@localhost work]$ gpg --fingerprint

/home/spiano/.gnupg/pubring.gpg ------------------------------- pub 4096R/479D9006 2019-03-04 Key fingerprint = 22D2 012D 82FA 14F4 4A3A C9BE E04C 9329 479D 9006 uid Test Key 1 <n@a> sub 4096R/36BDD5FA 2019-03-04




I assume that it displays all keys. I should create another key and confirm that this command displays both keys.



Ok: Create a second key.


[spiano@localhost ~]$ gpg --gen-key

gpg (GnuPG) 1.4.10; Copyright (C) 2008 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Please select what kind of key you want: (1) RSA and RSA (default) (2) DSA and Elgamal (3) DSA (sign only) (4) RSA (sign only) Your selection? 1 RSA keys may be between 1024 and 4096 bits long. What keysize do you want? (2048) 4096 Requested keysize is 4096 bits Please specify how long the key should be valid. 0 = key does not expire <n> = key expires in n days <n>w = key expires in n weeks <n>m = key expires in n months <n>y = key expires in n years Key is valid for? (0) 0 Key does not expire at all Is this correct? (y/N) y You need a user ID to identify your key; the software constructs the user ID from the Real Name, Comment and Email Address in this form: "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>" Real name: Test Key 1 Email address: n/a Not a valid email address Email address: n@a Comment: You selected this USER-ID: "Test Key 1 <n@a>" Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o You need a Passphrase to protect your secret key. You don't want a passphrase - this is probably a *bad* idea! I will do it anyway. You can change your passphrase at any time, using this program with the option "--edit-key". We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. .....+++++ ...+++++ We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. ..................+++++ +++++ gpg: key E4D7C711 marked as ultimately trusted public and secret key created and signed. gpg: checking the trustdb gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model gpg: depth: 0 valid: 2 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 2u pub 4096R/E4D7C711 2019-03-06 Key fingerprint = BA9A 077B 050C 3FC0 6459 7E7C 98D3 EFED E4D7 C711 uid Test Key 2 <n@a2> sub 4096R/4F6DFEEC 2019-03-06




Let's summarise my choices during key generation:
- 1) key type = "1" (RSA and RSA)
- 2) key size = "4096"
- 3) expiry period = "0" (never)
- 4) confirm expiry period = "y"
- 5) real name = "Test Key 2"
- 6) email address = "n@a2"
- 7) comment = ""
- 8) confirm real name, email address, and comment = "o"
- 9) passphrase = ""
- 10) confirm passphrase = ""

I didn't perform any action while random bytes were being generated.



Test Key 2 fingerprint:
BA9A 077B 050C 3FC0 6459 7E7C 98D3 EFED E4D7 C711



Test Key 2 fingerprint without spaces:
BA9A077B050C3FC064597E7C98D3EFEDE4D7C711



Test Key 2 short key ID without spaces:
E4D7C711



Test Key 2 long key ID without spaces:
98D3EFEDE4D7C711




Test that
gpg --fingerprint
displays multiple keys.


[spiano@localhost work]$ gpg --fingerprint

/home/spiano/.gnupg/pubring.gpg ------------------------------- pub 4096R/479D9006 2019-03-04 Key fingerprint = 22D2 012D 82FA 14F4 4A3A C9BE E04C 9329 479D 9006 uid Test Key 1 <n@a> sub 4096R/36BDD5FA 2019-03-04 pub 4096R/E4D7C711 2019-03-06 Key fingerprint = BA9A 077B 050C 3FC0 6459 7E7C 98D3 EFED E4D7 C711 uid Test Key 2 <n@a2> sub 4096R/4F6DFEEC 2019-03-06



Yes, it does.



Next: Sign a file with Test Key 1, producing a detached signature. Then verify the signature.


I'll need something to sign. Create a new file.


[spiano@localhost work]$ echo "hello world" > foo.txt


[spiano@localhost work]$ cat foo.txt

hello world

[spiano@localhost work]$ ls -1

foo.txt
test_key_1.txt

[spiano@localhost work]$ gpg --detach-sign foo.txt


[spiano@localhost work]$ cat foo.txt.sig

[garbled output due to printing binary data]

[spiano@localhost work]$ cat foo.txt.sig | xxd -plain

89021c04000102000605025c80120d000a0910e04c9329479d900681340f
ff5508381be8d0e37877bb7967cfbca705e23f54fa240e743a105c30211b
0c495080f7738431233d9f39b51bc0e4dfb3b2f488e655c04ffe698cc3ab
0ada7fb267469261fbf3983f8a5e75a700c26d05ce2c1cd88212cf775645
82601393ea80cdeca965221a28d34562eebf0c3047c64cfe2326b8ccf622
292e0ea282759d55f1bc1ceb4a1703b8782b80c1da2a29c910f95c7480f6
81b91cf3ccf6cf49c11f405f60f40a149a15645ae2d911b0c7d8bc1338e0
a99b1f1f9ddf2046aa53c3261c5dca83ba2237f6bf769f2edff3e5624ab4
3dbc5b3713e6e1c3aa7d4e83dedec5a8b1bdc4c60cdbedffca0ed7ec3235
d4375262cfd827c0755cd0ea4fb85b9e7c17e0fcb4c84faba69d525b2b43
d818543632458124dd2706e89eab753755d4d3350d6e6b37558cbf206bbc
d8dbeb17d0486dd200d41022fc56e5f770c19f3cf0150217c8ff71dbad4d
2f88072c2f02a56be99c1e2aaed1c7661232e3c577a7bc2527317684e3c2
008432df1e22a18a62ba39507352e8260fcd8f0ef2a11f17bbe153be2d02
5772f74d016de5099f646dca461b4817e836439d56e63814f5f77ee317af
adfb580889a4a062a9654e333754a573f8bed26626ea98cdbcf8e755160f
3d2b7a6012a6125391713de229c789cf3c4db57acfd2f0753c2317a6c022
f7281f2e39b3cb41c7d44aa4eeb661ed429bd4fc0ddeaeb0a53b5bd7c01f
8c8b49

[spiano@localhost work]$ gpg --verify foo.txt

gpg: no valid OpenPGP data found.
gpg: the signature could not be verified.
Please remember that the signature file (.sig or .asc)
should be the first file given on the command line.

[spiano@localhost work]$ gpg --verify foo.txt.sig foo.txt

gpg: Signature made Wed 06 Mar 2019 06:31:41 PM GMT using RSA key ID 479D9006
gpg: Good signature from "Test Key 1 <n@a>"




Hm. Next: How to specify that a particular key should be used in the verification attempt?


[some reading occurs here]


[spiano@localhost work]$ gpg --export Test Key 1 > test_key_1.gpg


[spiano@localhost work]$ gpg --no-default-keyring --keyring ./test_key_1.gpg --verify foo.txt.sig foo.txt

gpg: Signature made Wed 06 Mar 2019 06:31:41 PM GMT using RSA key ID 479D9006
gpg: Good signature from "Test Key 1 <n@a>"

[spiano@localhost work]$ gpg --export Test Key 2 > test_key_2.gpg


[spiano@localhost work]$ gpg --no-default-keyring --keyring ./test_key_2.gpg --verify foo.txt.sig foo.txt

gpg: Signature made Wed 06 Mar 2019 06:31:41 PM GMT using RSA key ID 479D9006
gpg: Good signature from "Test Key 1 <n@a>"



Hm. I had expected the second verification attempt to fail.


I'll try with an absolute path.


[spiano@localhost work]$ cp test_key_2.gpg /tmp


[spiano@localhost work]$ gpg --no-default-keyring --keyring /tmp/test_key_2.gpg --verify foo.txt.sig foo.txt

gpg: Signature made Wed 06 Mar 2019 06:31:41 PM GMT using RSA key ID 479D9006
gpg: Good signature from "Test Key 1 <n@a>"



Nope.


Hm. I can't find a GPG command or option that lets me specify a key for verification.


A hacky way to do this would be:


[spiano@localhost work]$ gpg --verify foo.txt.sig foo.txt 2>&1 | grep "Test Key 2" | wc -l

0

[spiano@localhost work]$ gpg --verify foo.txt.sig foo.txt 2>&1 | grep "Test Key 1" | wc -l

1



Note: I found that the GPG output is sent to stderr. I redirected it to stdout using
2>&1
, so that it isn't printed to the terminal.

Well, this approach allows me to ask GPG if a specific key (or rather key's real name) made a particular signature, and it produces a binary result (0 for failure, 1 for success).


I'd prefer to be able to specify the key by fingerprint.



[some reading occurs here]


Test Key 1 fingerprint without spaces:
22D2012D82FA14F44A3AC9BEE04C9329479D9006


Test Key 2 fingerprint without spaces:
BA9A077B050C3FC064597E7C98D3EFEDE4D7C711



[spiano@localhost work]$ gpg --status-fd 1 --verify foo.txt.sig foo.txt 2>&1

[GNUPG:] SIG_ID 7NeJ1mfZGh6lYEnTH23H9keVcFI 2019-03-06 1551897101
[GNUPG:] GOODSIG E04C9329479D9006 Test Key 1 <n@a>
gpg: Good signature from "Test Key 1 <n@a>"
[GNUPG:] VALIDSIG 22D2012D82FA14F44A3AC9BEE04C9329479D9006 2019-03-06 1551897101 0 4 0 1 2 00 22D2012D82FA14F44A3AC9BEE04C9329479D9006
[GNUPG:] TRUST_ULTIMATE

[spiano@localhost work]$ gpg --status-fd 1 --verify foo.txt.sig foo.txt 2>&1 | grep 22D2012D82FA14F44A3AC9BEE04C9329479D9006 | wc -l

1



Excellent.


I'll test with the Test Key 2 fingerprint without spaces. This should produce "0".

[spiano@localhost work]$ gpg --status-fd 1 --verify foo.txt.sig foo.txt 2>&1 | grep BA9A077B050C3FC064597E7C98D3EFEDE4D7C711 | wc -l

0




Good.




Clean up a bit.

[spiano@localhost work]$ ls -1

foo.txt
foo.txt.sig
test_key_1.gpg
test_key_1.txt
test_key_2.gpg

[spiano@localhost work]$ rm test_key_1.gpg test_key_2.gpg


[spiano@localhost work]$ ls -1

foo.txt
foo.txt.sig
test_key_1.txt





Next:

- sign using a specific key, producing an ASCII-encoded detached signature
- verify an ASCII-encoded detached signature, using a specific key

[later update: realised that I didn't specify a particular key to use when signing. did this later in the project.]



[spiano@localhost work]$ ls -1

foo.txt
foo.txt.sig
test_key_1.txt

[spiano@localhost work]$ gpg --armor --detach-sign foo.txt


[spiano@localhost work]$ ls -1

foo.txt
foo.txt.asc
foo.txt.sig
test_key_1.txt

[spiano@localhost work]$ cat foo.txt.asc

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIcBAABAgAGBQJcgD4WAAoJEOBMkylHnZAG4ZIQAMv61DzDS+uE56JOaa4zFxng
P07MlCY2WJ7hcmz81O9n8SoQXH1IIu6xt389LcwSHtESz8KIJdKvabrIQbs6/bNm
LPXIhLYhYXA/tvOQjh41vXE0xeNAJHcjtfLHiJ1PZ4C8jbkyAK/9Aq2Aredb4bef
A3xv6zyhlgvfCv5lGKxInbk5w6EH+M/RPe+uqB+8Ae64ysH9AHqg/W2ygdJmnvKF
jwWqpt9vmicGY2G4HBJNnwqbf8mj4M2jn5wZMi6hIGWa5C1X7OgRZMPkaIClQJan
11pUanLzZcNZXSLSwZ+ckkFN9lXyuBZU/IHe7WpKHaB892qciMKy4AaCZOrFMGAM
nVf2qVA3KrFKBrLOliJskVrJZgeT+GKt2Lr3Gzf9C6qcmzEC8a9VlzeJXzoLRLCU
Ly6mPr47m2bEOP7/2UkH1BS8/dxEPZyXqCusajXpJ3/uR+A95Tl0miVwH0JS45Iu
reM4EYcZSGW6jBlUd1z0nzTBA3Wt+buvDXxSj31Zr8PpKoPx6JfCLKCewLtJt+EU
gsnBP18Jhh3aZdT0dYbdSCc6z7RMk1pUOj54VniQe0MnFsM+mUaTKGasl92hSMzz
TVWmg+HW3ldry49tiQG2vpyOWYfcjYWA0m1CrcQoFTitdcVQwA8NyFUE+lGYoELz
7Wcq2LF3i0S1cbEJLp6+
=1l/E
-----END PGP SIGNATURE-----

[spiano@localhost work]$ gpg --verify foo.txt foo.txt.asc

gpg: no valid OpenPGP data found.
gpg: the signature could not be verified.
Please remember that the signature file (.sig or .asc)
should be the first file given on the command line.

[spiano@localhost work]$ gpg --verify foo.txt.asc foo.txt

gpg: Signature made Wed 06 Mar 2019 09:39:34 PM GMT using RSA key ID 479D9006
gpg: Good signature from "Test Key 1 <n@a>"

[using Test Key 1 fingerprint]
[spiano@localhost work]$ gpg --status-fd 1 --verify foo.txt.asc foo.txt 2>&1 | grep 22D2012D82FA14F44A3AC9BEE04C9329479D9006 | wc -l

1

[using Test Key 2 fingerprint]
[spiano@localhost work]$ gpg --status-fd 1 --verify foo.txt.asc foo.txt 2>&1 | grep BA9A077B050C3FC064597E7C98D3EFEDE4D7C711 | wc -l

0




Good.






Next: Export key, delete key, import key. Verify foo.txt.sig to confirm successful import.



[spiano@localhost work]$ gpg --export "Test Key 1" > test_key_1.gpg



[spiano@localhost work]$ gpg --delete-keys "Test Key 1"

gpg (GnuPG) 1.4.10; Copyright (C) 2008 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: there is a secret key for public key "Test Key 1"!
gpg: use option "--delete-secret-keys" to delete it first.


[spiano@localhost work]$ gpg --list-secret-keys

/home/spiano/.gnupg/secring.gpg ------------------------------- sec 4096R/479D9006 2019-03-04 uid Test Key 1 <n@a> ssb 4096R/36BDD5FA 2019-03-04 sec 4096R/E4D7C711 2019-03-06 uid Test Key 2 <n@a2> ssb 4096R/4F6DFEEC 2019-03-06



[spiano@localhost work]$ gpg --list-secret-keys "Test Key 1"

sec 4096R/479D9006 2019-03-04 uid Test Key 1 <n@a> ssb 4096R/36BDD5FA 2019-03-04



[spiano@localhost work]$ gpg --export-secret-keys "Test Key 1"

[lots of binary garble]


[spiano@localhost work]$ gpg --export-secret-keys "Test Key 1" > test_key_1.gpg.secret



[spiano@localhost work]$ cat test_key_1.gpg.secret | xxd -plain

950718045c7d50e3011000cf817398ef37d2e902c6a63f7d6cb6ee2c7be2
eeee17d269db0419341a706f305aae0d5d922cd819496f66d07312e84306
507a9e5490d735219a0aba1957dd133c83bcaca5dbb6319a95bc5870a48c
a471112602eeb22883b13be82f35d5fbc42d8b62ede2d8be2a16e6d7dcba
8722784e704ce7bd98ca497d33b4c0dd33fc6f0880b18441c4cdfe932830
e0d0ee8d1c3f94b0b212d5d8e76192680ed0583135dcac7e95fea0e7f04b
e4a93630654203fb172ba5d745142203c6b0a1e27e864a573f02a5ef92c8
34e552d08b5eed1cbb5502b759e126daaae2825134f7b6c2f2d0a8285808
e49a24db72ae872a4898147c2be075ce938f0048b4b4bf716b4eab9f064b
77ec08bda5fed65e06413b813730ed1e7f99e790c140b9035895875d22ed
5a4cf0731a25b86b3e0409d69be5df2cb8634d9c56d045edb905b0dc0f23
90498736c62efc3475037dccaef1e3ed19e44b3a8da00dd87d8fb48474aa
b650c0ca7b736d7ddbcee24ad6eff7cd9ae572bbd0c4805a4f5bb828b7fd
59b4f7e5f826e394502926f6f4182320c9c980675699a9c40292bebd1273
ffee528453ff4a4bab661d2255aae50e80da0ba77c844785fd77d960cc3b
0690673eacfb3ea89ef4e1ec5139a541acf2a8f8a1901264ccfb04275ba0
d8693227e2e175cfca477b4560459dbc2f456939f969ff2db2bd7b56b0a2
9b73104d5d8247dedd396ca2a30011010001000ffd107cf949fc2c23e2a6
f950e97796655cbc85258d95b6a7de086ca57209edc82fffec979c494aad
eb28762525c8170704986259b3ee054a4c6afc9a009a95ec37a495d52ea4
c9360b6ffc98e8301f2b1bbfee3c667c4004cf1e0ca410e846b6082b1449
ca9c3d5bb2ed79ef4a173a38a775981fcc4438f94de8986cb2ec80be7cb6
20bfba421d98beb343bcca885f842febef6d30e12543e472d0d6dae27c37
80cfa5973364f5b528576776789b54d86f878a9a49c5b6b3f855f37a428a
c441f873414afd1371c6ddc92110f81a155e3496772e498285fb571bc37e
1f66d58b5d0eee65b24516a116efa707ae2ed270df23d4bab3b1b3f0e775
5f828339c86c8a3ae97e609e87d60819cd37f6522d11b374d435b8402cda
eff1703f4cf0ad91bbcef8d397a94cdf2ffb6c8ebb6d5e9072e52216e9f2
c8a7eb98b03d17b5400648ad9b9b19ab4d92228ca0dbea0bb3d624f3d129
e67f40d49d411fb8438ba8f3fbfe15e29a1e83233ed1683bb4e3fc31b5c3
ef44f6baba0ec072ecd5652967da2a19afd70945701b2a84b2adbebe21af
cce14a3f9af61e9bcb722a344e05fb29bfb3db447aacffe72540c1c7abf1
fc7934fbd574e41d8e5907de8087c0d1ceb12dab2ed836d3e7f01d6f6072
ca5ff8337ebc00504733167657c8fa4c07dbe692bd3877d6f9a9cdda797e
e337ff40eabb733861742da41923e26f4b128c8e9ed3e50800e36f25b2cc
46d48be1019853a6f5d727ab49acf883df2abf7c53209cf6f20b869825b5
992f7cb60805a5c66a5ed564fff170130dab7752ae4156616cb721a151ef
e6c3c97d4f2113120ef6e3d6eb457d97490e972f82fe81fd9486b3996018
a20968eefec9549a5f1d621699b6e64e51dc11f7ac01ef1612fb320829a0
4cf653e100b61e00befd9032708abc4889da281152f766950c25586846f0
68729a5f76985f11b501fb5dd96a65fbd480745a3d8f1c735ec620ed2542
9360d5e09d8997a30e916973a4b7eae0b7d1a2abd547b1754d1fb1f79681
1643cf3936f18fd582bfb84d53ed33c1632a7a83686ab6d726d78601c408
adc34caead5128e014a6d70800e9918771f33887be7755e6fa194e7e9a20
75932df6e283e7f095567877d8476434ece36a96d74c4d16a459d768249a
b51f4319a7e780bfdf44f608a0f0f450d3f2eaf71d8354c3582c02ed587b
bf9025a7c6c6a2e2872bc7d17e490dd5a8231517416e624fb04a4490a24a
b313a0f7497f5d9db5b591adc3f7c0c95017f5f35b0837d46ea67b8f2c99
5e0267ab44c4a7c7ebc88b17f20ff1cb897af7412e06097396a496da974d
1c8e8bf6bc322561588b5e894194d2292bed54ec598bf78536d6e694e7d1
13184da8f137c4933e7dee583713e0d98644521936edd2de02aa9cf39fb0
70e6c668cbe9436c47d0acfae7e2e7407579bbca37363187feddf5451508
0084090a8981949692d204e93e77506f84ad0c0cb841dd5808f5ae8613b3
340f21c16debabc3168e454e47b552586b4321c71c63276c263d3d433616
81a445c729c691c8e20b4a04351abe53e06e4925a1b5655f12c6a55a4c93
76b6f2347e77288501d4c3b9ebfc4f6864691858fe9e5d68585e97527190
ccc885052d5f2d842b1c1899f893e70b08616d144b8064725f7ded1f6a06
67c81aeb77207c15a3887e80b28e0a2c57a892fcffa80b3c471d8fc7ce08
f45d9fd2504418effffd9ae2fe116847ee2c3decf53394adc9d8625d729f
24b14158fb96b9307d3587b1ad72b75525e3dfcf29bce1f397f97fc180f6
263e20b6a5b953734febb6fdf89e9c89f492d2b41054657374204b657920
31203c6e40613e89023704130102002105025c7d50e3021b03060b090807
030206150802090a0b03160201021e01021780000a0910e04c9329479d90
065bf90ffb062b13c66072590f98f090c7483edfd0d2d8aeb2563dbabea8
fba83c324891c5de3cc4cd50bbd8c605885cf8c8d778cf69dd2c4b834a93
b4857a52ddd7bc1198139ba4ccc14ac7ab4f8c21ec67e6d8ab3c497495cc
e7095a212fbefb4c098eaa0625c519b79f8b6ede2ecdd8d3c372f0103e23
915d68befcd52150837863e6f0ab82c3779b8673df4a8270a6c38a5fb160
fab7895dafb8dce452d136ec3835f9dea4b7ad29716c42c12ca02fabc057
523387cf5efc3bfd4c7d388470226d8cb8240d1dde23b2022153cc679598
b568ed99c8807a2ea8a8a1cd6533d1f5e67ce8c5816920178fb7dc3900d7
da80f5fab36a659bf7b55dfb161e94e49f9046abd79f45bb22f173c3fed9
e7359e4f4b09fa0c7a98d99552f7cfea418d10bc5bf07a625fbc6215ce51
f3238cf220f10bf36432b332abbd1c858693bea929587228c0ea6e02308f
6d6a718db64bf3f2fb6db38e781247e99ea5c82d4440da1656419e6fccfc
d3bf351ad22c2748d69b17edbe7f0fa7856edf40d374e97e175bfa0b795e
9314f8bfe9bafcfd5a7f326adeb0b2465171bcc63eaa28912086e89955c5
1cfea8f677cea7a95fe4715a60722fb515034cc7e008d590db9932a1d33d
58e9e86347dc1a6e1e024d2756f00de8cab2ddec92f9e8ae1979808c0e48
7fc2232e7ceff9659caad46d5283964d5f2a41afcda37de528fd3a785365
e25cee871697839d0718045c7d50e3011000e761d9bb59b7ee03cc85b6af
56b99278d3821b318b8ef7e6917816e91283f94d65a58a35780a6659ef7e
a2a500c288380b59626a8fdd05de79088ea9de5df8aa3298655f47be94a7
9213595d3f9a80cc5ec5c53ce94f98ded0ae965706c809157a1990f63b81
4eb903dc881787ef2ed7d190a34e3a021b994db0e612c2aeabb9c2bb458e
54a1592dc0aab6972d3ab717c381dd4e34bbbe238db6a9b9bacd528a9102
6664886c5608e74615a1788ec6d64393a5e02a6eef105e9705448e742542
aad51893d47fe437d88abef87d904e2bd88faa37b8514b69b94c051f5207
49fe1c0fa2dc658d7ca5d60e23497709bb9c437828e7274e80114cb134ab
4525f4971cad993fb62d010f4c9af2f87dfd4563782d627fb701b04a1ef7
82e72cbd3ed4c882a5c5e7b21145a68c45b283716bf2dbfe2419ebd70312
bcc122677a61876c1d3e1d38d497bb699b7472f6494fa7c4046caefdf926
d0811e65028dd60b63a554b535291478292d92541ccee552f53c4b33c0a2
bbb14a3f2907536a05232cc902a13b218cceec0cf91da7fcc2e3f82c4582
2a752ea22a69da86e6bcf99718add61499d347e8b6e00b1af94dc390011a
373bd548c34b54b7b15ef30baf998db48721d99956dae45613904ee3b06d
d351d9faae5980f7f730bb0d36d289177c190b4f9b11f83d3d7ed70fca77
3e3f8292a844afb119960258adc1e80e0d5f20630011010001000fff6c2a
e0dc4651877a0c2b385f98c5f114fe1fd531a0c1e9df46832306bb8aa9c9
c66a908575843b1bf12bbcc2316c3fbd1f851e4e9dc9a03c444dbd4fe92d
fa192ac4f6a307c9aef9f57e8928e01a8cfabd956c2311190e689f9af69a
6187b343708cb2298260ed59edd5b36378bf56a13b0d88628218c9292e5a
33fc7239b0fb0aef7c5150fc0ad22a3f4453c127b13f713ced25e9de18c1
cb36a8fab43ad74b030661b2beda12905ff9f213c5e5cd4b8e54e0573ecf
14808d0fc1bd2e715a97e37ff258ed9f0a24175da9704656e74c75159868
2b090a1db72bb43b53a027b59d0dac3fa753f1011fe405180b87a7c6a1fd
f2f538f968426e1d6b7763c09e2a00de102f415b2a2e0d2f38f2a11fda3f
d59132f748d12a7fd505a4a9c27b05c617fc33b17a8eddf05f99748ca913
50815a5cb25394e4a536089fe45c50d4d9f49782b362aa3bf490dcae7b3b
38d4ab18de92bc66e136edd6cbfa7268530d58307717177b6b9b674acd6a
6b50351e58491823fe00ccf4eec9c4e5b4de64e1b9ae9c95f8d1aaf29aee
1c635c54117f8c76e77eeb5ea81e44f6b7e2db72206ebd985a51a2723dd0
a8248521091bdf0eef3dc00bda7348d0fbd6d5aa2b1cd4f843883e4c4966
5ae6fce8c484357f8b9337550e68b525d425ab95480528a78c0b3ecb737d
e3a147f0f16136936f1bed53a3cc78da413662fc3bdd29e4cbbf26120bbd
0800ea80b226b38e1ffd22186b4bc8fad6f54b99d421bc992725d42dca1f
e1ea9e0aaf1e03255477ae273d4743f90999af24eb5ec8660d6b6faf7f27
f56713d0dc81e744538699b59c9d41afdba866b65e30f1697f0254ea84c7
35fbc447895e3353bc7936be39263759f25a3e8b0e39976c57f6e68ba177
215929675c069bc347146aaecda67eaf7f2804778fe69102fecd400644b6
0687a686a647785a96aa02854227ec9b0fc94a75a768b24af76aa0ee1018
b3f690d7522f30423e0375164e3cf0077caa9891dc11127092576d82b4d0
0e0e466bf8434ecada0effa5187e8188c5ef479eb901436e9890589c2429
07d40d24e007d1410628e253e30539327f0f0800fc97ec4be7a83ee67aa1
8fed5d0a41f264ab1d6d2aa589df77284741fcbc575313d02b1be333d504
bcded90a0ed7d4295fc4327e693309180c633c3737933494b5ef005e8111
0c499d39b3bcbb794a213dfd4f31eb6fc9ade2ab2ce9c8e45c2241c28df9
425d6e346dd19435fdb92465680359b7d26849277a1cc304868a17e9978b
92b45935aa4fc9261d8189ea0c7d5512fde93509f744b01f1994eb4290dd
ce91d2754903c9817a7501b68dc59300d69c9d61dca762523671e67a38b5
009a38dfeaba97a757602d9078f4b75ff56e9387345d34d9f18a66ae8559
249ec9915e0d5d5ac2839ee691f10815e1919cff843a40a26219a4c71ea6
40ba8520896d07ff77cf4b1617f95a5ca840a302c3148d0576ed5adeb224
ce4c81957222cc275864601f4bafbbb809b429442e1f6265c888c90c1616
8807991b6edc02bf65b560b1f23ade4b0b044fca955263a9b306ca1d4112
43d0883ed336a2b8503ea5ca3f19f13e2631efd353a2928fcb6afb2c0b5c
bf3d1dce95c8dfd060a9b4c5b6d20f38822f4e30871079eeb45e337eb91f
a8a7d459c709ac06630a51b4dab6cfbb0455b9a56dadfbfb2fa9825bbf5c
efc5e278223310e6563285a020ce67c7d11e907a3d781183d1e3ae7bb5fa
3d73a03b3c3d75ef4f47a41b531a9d4f7af24b36d8f25fd588412ce61e49
c60fb87a66443f364e9074ab243b3764a9e5b2b2ddc32f3d6c1989021f04
180102000905025c7d50e3021b0c000a0910e04c9329479d900604590fff
6c40123a1a3f2e3966103aa01bc900af6ea3417d1d4ed190954f50342f54
0910f8530d160933762d8754e2b511beabfc51cfd9bf4c322ad5784f541c
4fa24ef47b51f359f5328c7710c1ea551be325484416ffaf193cecd0cf09
534f03b8189f212a338b552cebc72e8ff4075e9c65941a49f8576c2c36ab
e3f2d38752c3f1f60930aa15018261c48c93c789ae346eb4af8de3737b14
14691fa1b616cc6d2733d2d04983f7e6a34159d1e3bcc98699240044cccf
98b9e917f118d909a6f7aaf35ca56bcddcebe5aba48a0ca64272529e34fe
5a0da1e300342952da1ade87b721d7215987fc048d0dbe4f9c5eebf876cd
8e9be07b8e78aae4b4ae1d892e07a8458ed6642902f6dc012dae7129aeeb
6ac3d34746aa9e8a38f9a9f1b1c6f1d219f4ef31511761ac95ad40f38c98
7f555c57d1d15fae947fd0b12b90699cc15cca04ce64da759992bc352622
fd5ef9eaf5c349c48605403bdf6ad3e36fef4c8a3030244a7086643c082f
7839d7e67ac0c7e17a1aab0b290e19e9686f8ef7850e2d49ea832f191e6d
870ed8a40ccea1cf7ee3d6c6fc6ec5be56c2fa5a69884904849ad594b829
c8a9d8ed2afa8d2e0ba3927581fabe43057e18ab4068f15bcb06453f19b9
76b2862be8b23bd59c1dc660301541b9e3153dd568748f608481dd7141d2
4c8abc526d80b6cdb7d087399017ad20f700915d82438d4dfc916c5ff947
0fb1


[spiano@localhost work]$ cat test_key_1.gpg | xxd -plain

99020d045c7d50e3011000cf817398ef37d2e902c6a63f7d6cb6ee2c7be2
eeee17d269db0419341a706f305aae0d5d922cd819496f66d07312e84306
507a9e5490d735219a0aba1957dd133c83bcaca5dbb6319a95bc5870a48c
a471112602eeb22883b13be82f35d5fbc42d8b62ede2d8be2a16e6d7dcba
8722784e704ce7bd98ca497d33b4c0dd33fc6f0880b18441c4cdfe932830
e0d0ee8d1c3f94b0b212d5d8e76192680ed0583135dcac7e95fea0e7f04b
e4a93630654203fb172ba5d745142203c6b0a1e27e864a573f02a5ef92c8
34e552d08b5eed1cbb5502b759e126daaae2825134f7b6c2f2d0a8285808
e49a24db72ae872a4898147c2be075ce938f0048b4b4bf716b4eab9f064b
77ec08bda5fed65e06413b813730ed1e7f99e790c140b9035895875d22ed
5a4cf0731a25b86b3e0409d69be5df2cb8634d9c56d045edb905b0dc0f23
90498736c62efc3475037dccaef1e3ed19e44b3a8da00dd87d8fb48474aa
b650c0ca7b736d7ddbcee24ad6eff7cd9ae572bbd0c4805a4f5bb828b7fd
59b4f7e5f826e394502926f6f4182320c9c980675699a9c40292bebd1273
ffee528453ff4a4bab661d2255aae50e80da0ba77c844785fd77d960cc3b
0690673eacfb3ea89ef4e1ec5139a541acf2a8f8a1901264ccfb04275ba0
d8693227e2e175cfca477b4560459dbc2f456939f969ff2db2bd7b56b0a2
9b73104d5d8247dedd396ca2a30011010001b41054657374204b65792031
203c6e40613e89023704130102002105025c7d50e3021b03060b09080703
0206150802090a0b03160201021e01021780000a0910e04c9329479d9006
5bf90ffb062b13c66072590f98f090c7483edfd0d2d8aeb2563dbabea8fb
a83c324891c5de3cc4cd50bbd8c605885cf8c8d778cf69dd2c4b834a93b4
857a52ddd7bc1198139ba4ccc14ac7ab4f8c21ec67e6d8ab3c497495cce7
095a212fbefb4c098eaa0625c519b79f8b6ede2ecdd8d3c372f0103e2391
5d68befcd52150837863e6f0ab82c3779b8673df4a8270a6c38a5fb160fa
b7895dafb8dce452d136ec3835f9dea4b7ad29716c42c12ca02fabc05752
3387cf5efc3bfd4c7d388470226d8cb8240d1dde23b2022153cc679598b5
68ed99c8807a2ea8a8a1cd6533d1f5e67ce8c5816920178fb7dc3900d7da
80f5fab36a659bf7b55dfb161e94e49f9046abd79f45bb22f173c3fed9e7
359e4f4b09fa0c7a98d99552f7cfea418d10bc5bf07a625fbc6215ce51f3
238cf220f10bf36432b332abbd1c858693bea929587228c0ea6e02308f6d
6a718db64bf3f2fb6db38e781247e99ea5c82d4440da1656419e6fccfcd3
bf351ad22c2748d69b17edbe7f0fa7856edf40d374e97e175bfa0b795e93
14f8bfe9bafcfd5a7f326adeb0b2465171bcc63eaa28912086e89955c51c
fea8f677cea7a95fe4715a60722fb515034cc7e008d590db9932a1d33d58
e9e86347dc1a6e1e024d2756f00de8cab2ddec92f9e8ae1979808c0e487f
c2232e7ceff9659caad46d5283964d5f2a41afcda37de528fd3a785365e2
5cee87169783b9020d045c7d50e3011000e761d9bb59b7ee03cc85b6af56
b99278d3821b318b8ef7e6917816e91283f94d65a58a35780a6659ef7ea2
a500c288380b59626a8fdd05de79088ea9de5df8aa3298655f47be94a792
13595d3f9a80cc5ec5c53ce94f98ded0ae965706c809157a1990f63b814e
b903dc881787ef2ed7d190a34e3a021b994db0e612c2aeabb9c2bb458e54
a1592dc0aab6972d3ab717c381dd4e34bbbe238db6a9b9bacd528a910266
64886c5608e74615a1788ec6d64393a5e02a6eef105e9705448e742542aa
d51893d47fe437d88abef87d904e2bd88faa37b8514b69b94c051f520749
fe1c0fa2dc658d7ca5d60e23497709bb9c437828e7274e80114cb134ab45
25f4971cad993fb62d010f4c9af2f87dfd4563782d627fb701b04a1ef782
e72cbd3ed4c882a5c5e7b21145a68c45b283716bf2dbfe2419ebd70312bc
c122677a61876c1d3e1d38d497bb699b7472f6494fa7c4046caefdf926d0
811e65028dd60b63a554b535291478292d92541ccee552f53c4b33c0a2bb
b14a3f2907536a05232cc902a13b218cceec0cf91da7fcc2e3f82c45822a
752ea22a69da86e6bcf99718add61499d347e8b6e00b1af94dc390011a37
3bd548c34b54b7b15ef30baf998db48721d99956dae45613904ee3b06dd3
51d9faae5980f7f730bb0d36d289177c190b4f9b11f83d3d7ed70fca773e
3f8292a844afb119960258adc1e80e0d5f2063001101000189021f041801
02000905025c7d50e3021b0c000a0910e04c9329479d900604590fff6c40
123a1a3f2e3966103aa01bc900af6ea3417d1d4ed190954f50342f540910
f8530d160933762d8754e2b511beabfc51cfd9bf4c322ad5784f541c4fa2
4ef47b51f359f5328c7710c1ea551be325484416ffaf193cecd0cf09534f
03b8189f212a338b552cebc72e8ff4075e9c65941a49f8576c2c36abe3f2
d38752c3f1f60930aa15018261c48c93c789ae346eb4af8de3737b141469
1fa1b616cc6d2733d2d04983f7e6a34159d1e3bcc98699240044cccf98b9
e917f118d909a6f7aaf35ca56bcddcebe5aba48a0ca64272529e34fe5a0d
a1e300342952da1ade87b721d7215987fc048d0dbe4f9c5eebf876cd8e9b
e07b8e78aae4b4ae1d892e07a8458ed6642902f6dc012dae7129aeeb6ac3
d34746aa9e8a38f9a9f1b1c6f1d219f4ef31511761ac95ad40f38c987f55
5c57d1d15fae947fd0b12b90699cc15cca04ce64da759992bc352622fd5e
f9eaf5c349c48605403bdf6ad3e36fef4c8a3030244a7086643c082f7839
d7e67ac0c7e17a1aab0b290e19e9686f8ef7850e2d49ea832f191e6d870e
d8a40ccea1cf7ee3d6c6fc6ec5be56c2fa5a69884904849ad594b829c8a9
d8ed2afa8d2e0ba3927581fabe43057e18ab4068f15bcb06453f19b976b2
862be8b23bd59c1dc660301541b9e3153dd568748f608481dd7141d24c8a
bc526d80b6cdb7d087399017ad20f700915d82438d4dfc916c5ff9470fb1


[spiano@localhost work]$ gpg --delete-secret-keys "Test Key 1"

gpg (GnuPG) 1.4.10; Copyright (C) 2008 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.


sec 4096R/479D9006 2019-03-04 Test Key 1 <n@a>

Delete this key from the keyring? (y/N) y
This is a secret key! - really delete? (y/N) y


[spiano@localhost work]$ gpg --delete-keys "Test Key 1"

gpg (GnuPG) 1.4.10; Copyright (C) 2008 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.


pub 4096R/479D9006 2019-03-04 Test Key 1 <n@a>

Delete this key from the keyring? (y/N) y


[spiano@localhost work]$ gpg --verify foo.txt.sig foo.txt

gpg: Signature made Wed 06 Mar 2019 06:31:41 PM GMT using RSA key ID 479D9006
gpg: Can't check signature: public key not found


[spiano@localhost work]$ gpg --status-fd 1 --verify foo.txt.sig foo.txt

gpg: Signature made Wed 06 Mar 2019 06:31:41 PM GMT using RSA key ID 479D9006
[GNUPG:] ERRSIG E04C9329479D9006 1 2 00 1551897101 9
[GNUPG:] NO_PUBKEY E04C9329479D9006
gpg: Can't check signature: public key not found


[spiano@localhost work]$ gpg --import test_key_1.gpg

gpg: key 479D9006: public key "Test Key 1 <n@a>" imported gpg: Total number processed: 1 gpg: imported: 1 (RSA: 1)



[spiano@localhost work]$ gpg --verify foo.txt.sig foo.txt

gpg: Signature made Wed 06 Mar 2019 06:31:41 PM GMT using RSA key ID 479D9006 gpg: checking the trustdb gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u gpg: Good signature from "Test Key 1 <n@a>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 22D2 012D 82FA 14F4 4A3A C9BE E04C 9329 479D 9006



[spiano@localhost work]$ gpg --import test_key_1.gpg.secret

gpg: key 479D9006: secret key imported gpg: key 479D9006: "Test Key 1 <n@a>" not changed gpg: Total number processed: 1 gpg: unchanged: 1 gpg: secret keys read: 1 gpg: secret keys imported: 1



[spiano@localhost work]$ gpg --verify foo.txt.sig foo.txt

gpg: Signature made Wed 06 Mar 2019 06:31:41 PM GMT using RSA key ID 479D9006 gpg: Good signature from "Test Key 1 <n@a>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 22D2 012D 82FA 14F4 4A3A C9BE E04C 9329 479D 9006




Notes:
- I had to do some reading to find out how to export the secret key.
- The signature file foo.txt.sig appears to contain only the short and long key IDs (but not the key fingerprint, which would have been preferable).
- The exported binary key files (test_key_1.gpg and test_key_1.gpg.secret) are encoded in a format that specifies whether they are public or private GPG keys. The same command (
gpg --import [file_path]
) is used to import both types of file.



Comparing the last command and its output with this earlier command and its output:

[spiano@localhost work]$ gpg --no-default-keyring --keyring /tmp/test_key_2.gpg --verify foo.txt.sig foo.txt

gpg: Signature made Wed 06 Mar 2019 06:31:41 PM GMT using RSA key ID 479D9006
gpg: Good signature from "Test Key 1 <n@a>"



I see that GPG now adds a warning. I suspect that when a private key is deleted, its entries within GPG's trust database are removed, and that when it is imported again, the lack of these entries causes a warning to be printed when verifying a signature made by this key.







Next:
- import ASCII-encoded key


Hm.


[spiano@localhost work]$ ls -1

foo.txt
foo.txt.asc
foo.txt.sig
test_key_1.gpg
test_key_1.gpg.secret
test_key_1.txt



test_key_1.txt contains the ASCII-armored public key of Test Key 1.

Planned sequence:
- Export ASCII-armored private key of Test Key 1 to test_key_1.txt.secret.
- Delete private and public keys of Test Key 1
- Attempt verification of foo.txt.sig.
- Import ASCII-armored private key and ASCII-armored public key of Test Key 1.
- Attempt verification of foo.txt.sig. Successful verification will confirm that the import has worked properly.



[spiano@localhost work]$ gpg --armor --export-secret-keys "Test Key 1" > test_key_1.txt.secret



[spiano@localhost work]$ ls -1

foo.txt
foo.txt.asc
foo.txt.sig
test_key_1.gpg
test_key_1.gpg.secret
test_key_1.txt
test_key_1.txt.secret


[spiano@localhost work]$ cat test_key_1.txt.secret

-----BEGIN PGP PRIVATE KEY BLOCK-----
Version: GnuPG v1.4.10 (GNU/Linux)

lQcYBFx9UOMBEADPgXOY7zfS6QLGpj99bLbuLHvi7u4X0mnbBBk0GnBvMFquDV2S
LNgZSW9m0HMS6EMGUHqeVJDXNSGaCroZV90TPIO8rKXbtjGalbxYcKSMpHERJgLu
siiDsTvoLzXV+8Qti2Lt4ti+Khbm19y6hyJ4TnBM572Yykl9M7TA3TP8bwiAsYRB
xM3+kygw4NDujRw/lLCyEtXY52GSaA7QWDE13Kx+lf6g5/BL5Kk2MGVCA/sXK6XX
RRQiA8awoeJ+hkpXPwKl75LINOVS0Ite7Ry7VQK3WeEm2qriglE097bC8tCoKFgI
5Jok23KuhypImBR8K+B1zpOPAEi0tL9xa06rnwZLd+wIvaX+1l4GQTuBNzDtHn+Z
55DBQLkDWJWHXSLtWkzwcxoluGs+BAnWm+XfLLhjTZxW0EXtuQWw3A8jkEmHNsYu
/DR1A33MrvHj7RnkSzqNoA3YfY+0hHSqtlDAyntzbX3bzuJK1u/3zZrlcrvQxIBa
T1u4KLf9WbT35fgm45RQKSb29BgjIMnJgGdWmanEApK+vRJz/+5ShFP/SkurZh0i
VarlDoDaC6d8hEeF/XfZYMw7BpBnPqz7Pqie9OHsUTmlQazyqPihkBJkzPsEJ1ug
2GkyJ+Lhdc/KR3tFYEWdvC9FaTn5af8tsr17VrCim3MQTV2CR97dOWyiowARAQAB
AA/9EHz5SfwsI+Km+VDpd5ZlXLyFJY2VtqfeCGylcgntyC//7JecSUqt6yh2JSXI
FwcEmGJZs+4FSkxq/JoAmpXsN6SV1S6kyTYLb/yY6DAfKxu/7jxmfEAEzx4MpBDo
RrYIKxRJypw9W7Ltee9KFzo4p3WYH8xEOPlN6JhssuyAvny2IL+6Qh2YvrNDvMqI
X4Qv6+9tMOElQ+Ry0Nba4nw3gM+llzNk9bUoV2d2eJtU2G+HippJxbaz+FXzekKK
xEH4c0FK/RNxxt3JIRD4GhVeNJZ3LkmChftXG8N+H2bVi10O7mWyRRahFu+nB64u
0nDfI9S6s7Gz8Od1X4KDOchsijrpfmCeh9YIGc039lItEbN01DW4QCza7/FwP0zw
rZG7zvjTl6lM3y/7bI67bV6QcuUiFunyyKfrmLA9F7VABkitm5sZq02SIoyg2+oL
s9Yk89Ep5n9A1J1BH7hDi6jz+/4V4poegyM+0Wg7tOP8MbXD70T2uroOwHLs1WUp
Z9oqGa/XCUVwGyqEsq2+viGvzOFKP5r2HpvLcio0TgX7Kb+z20R6rP/nJUDBx6vx
/Hk0+9V05B2OWQfegIfA0c6xLasu2DbT5/Adb2Byyl/4M368AFBHMxZ2V8j6TAfb
5pK9OHfW+anN2nl+4zf/QOq7czhhdC2kGSPib0sSjI6e0+UIAONvJbLMRtSL4QGY
U6b11yerSaz4g98qv3xTIJz28guGmCW1mS98tggFpcZqXtVk//FwEw2rd1KuQVZh
bLchoVHv5sPJfU8hExIO9uPW60V9l0kOly+C/oH9lIazmWAYoglo7v7JVJpfHWIW
mbbmTlHcEfesAe8WEvsyCCmgTPZT4QC2HgC+/ZAycIq8SInaKBFS92aVDCVYaEbw
aHKaX3aYXxG1Aftd2Wpl+9SAdFo9jxxzXsYg7SVCk2DV4J2Jl6MOkWlzpLfq4LfR
oqvVR7F1TR+x95aBFkPPOTbxj9WCv7hNU+0zwWMqeoNoarbXJteGAcQIrcNMrq1R
KOAUptcIAOmRh3HzOIe+d1Xm+hlOfpogdZMt9uKD5/CVVnh32EdkNOzjapbXTE0W
pFnXaCSatR9DGafngL/fRPYIoPD0UNPy6vcdg1TDWCwC7Vh7v5Alp8bGouKHK8fR
fkkN1agjFRdBbmJPsEpEkKJKsxOg90l/XZ21tZGtw/fAyVAX9fNbCDfUbqZ7jyyZ
XgJnq0TEp8fryIsX8g/xy4l690EuBglzlqSW2pdNHI6L9rwyJWFYi16JQZTSKSvt
VOxZi/eFNtbmlOfRExhNqPE3xJM+fe5YNxPg2YZEUhk27dLeAqqc85+wcObGaMvp
Q2xH0Kz65+LnQHV5u8o3NjGH/t31RRUIAIQJComBlJaS0gTpPndQb4StDAy4Qd1Y
CPWuhhOzNA8hwW3rq8MWjkVOR7VSWGtDIcccYydsJj09QzYWgaRFxynGkcjiC0oE
NRq+U+BuSSWhtWVfEsalWkyTdrbyNH53KIUB1MO56/xPaGRpGFj+nl1oWF6XUnGQ
zMiFBS1fLYQrHBiZ+JPnCwhhbRRLgGRyX33tH2oGZ8ga63cgfBWjiH6Aso4KLFeo
kvz/qAs8Rx2Px84I9F2f0lBEGO///Zri/hFoR+4sPez1M5StydhiXXKfJLFBWPuW
uTB9NYexrXK3VSXj388pvOHzl/l/wYD2Jj4gtqW5U3NP67b9+J6cifSS0rQQVGVz
dCBLZXkgMSA8bkBhPokCNwQTAQIAIQUCXH1Q4wIbAwYLCQgHAwIGFQgCCQoLAxYC
AQIeAQIXgAAKCRDgTJMpR52QBlv5D/sGKxPGYHJZD5jwkMdIPt/Q0tiuslY9ur6o
+6g8MkiRxd48xM1Qu9jGBYhc+MjXeM9p3SxLg0qTtIV6Ut3XvBGYE5ukzMFKx6tP
jCHsZ+bYqzxJdJXM5wlaIS+++0wJjqoGJcUZt5+Lbt4uzdjTw3LwED4jkV1ovvzV
IVCDeGPm8KuCw3ebhnPfSoJwpsOKX7Fg+reJXa+43ORS0TbsODX53qS3rSlxbELB
LKAvq8BXUjOHz178O/1MfTiEcCJtjLgkDR3eI7ICIVPMZ5WYtWjtmciAei6oqKHN
ZTPR9eZ86MWBaSAXj7fcOQDX2oD1+rNqZZv3tV37Fh6U5J+QRqvXn0W7IvFzw/7Z
5zWeT0sJ+gx6mNmVUvfP6kGNELxb8HpiX7xiFc5R8yOM8iDxC/NkMrMyq70chYaT
vqkpWHIowOpuAjCPbWpxjbZL8/L7bbOOeBJH6Z6lyC1EQNoWVkGeb8z80781GtIs
J0jWmxftvn8Pp4Vu30DTdOl+F1v6C3lekxT4v+m6/P1afzJq3rCyRlFxvMY+qiiR
IIbomVXFHP6o9nfOp6lf5HFaYHIvtRUDTMfgCNWQ25kyodM9WOnoY0fcGm4eAk0n
VvAN6Mqy3eyS+eiuGXmAjA5If8IjLnzv+WWcqtRtUoOWTV8qQa/No33lKP06eFNl
4lzuhxaXg50HGARcfVDjARAA52HZu1m37gPMhbavVrmSeNOCGzGLjvfmkXgW6RKD
+U1lpYo1eApmWe9+oqUAwog4C1liao/dBd55CI6p3l34qjKYZV9HvpSnkhNZXT+a
gMxexcU86U+Y3tCullcGyAkVehmQ9juBTrkD3IgXh+8u19GQo046AhuZTbDmEsKu
q7nCu0WOVKFZLcCqtpctOrcXw4HdTjS7viONtqm5us1SipECZmSIbFYI50YVoXiO
xtZDk6XgKm7vEF6XBUSOdCVCqtUYk9R/5DfYir74fZBOK9iPqje4UUtpuUwFH1IH
Sf4cD6LcZY18pdYOI0l3CbucQ3go5ydOgBFMsTSrRSX0lxytmT+2LQEPTJry+H39
RWN4LWJ/twGwSh73gucsvT7UyIKlxeeyEUWmjEWyg3Fr8tv+JBnr1wMSvMEiZ3ph
h2wdPh041Je7aZt0cvZJT6fEBGyu/fkm0IEeZQKN1gtjpVS1NSkUeCktklQczuVS
9TxLM8Ciu7FKPykHU2oFIyzJAqE7IYzO7Az5Haf8wuP4LEWCKnUuoipp2obmvPmX
GK3WFJnTR+i24Asa+U3DkAEaNzvVSMNLVLexXvMLr5mNtIch2ZlW2uRWE5BO47Bt
01HZ+q5ZgPf3MLsNNtKJF3wZC0+bEfg9PX7XD8p3Pj+CkqhEr7EZlgJYrcHoDg1f
IGMAEQEAAQAP/2wq4NxGUYd6DCs4X5jF8RT+H9UxoMHp30aDIwa7iqnJxmqQhXWE
OxvxK7zCMWw/vR+FHk6dyaA8RE29T+kt+hkqxPajB8mu+fV+iSjgGoz6vZVsIxEZ
DmifmvaaYYezQ3CMsimCYO1Z7dWzY3i/VqE7DYhighjJKS5aM/xyObD7Cu98UVD8
CtIqP0RTwSexP3E87SXp3hjByzao+rQ610sDBmGyvtoSkF/58hPF5c1LjlTgVz7P
FICND8G9LnFal+N/8ljtnwokF12pcEZW50x1FZhoKwkKHbcrtDtToCe1nQ2sP6dT
8QEf5AUYC4enxqH98vU4+WhCbh1rd2PAnioA3hAvQVsqLg0vOPKhH9o/1ZEy90jR
Kn/VBaSpwnsFxhf8M7F6jt3wX5l0jKkTUIFaXLJTlOSlNgif5FxQ1Nn0l4KzYqo7
9JDcrns7ONSrGN6SvGbhNu3Wy/pyaFMNWDB3Fxd7a5tnSs1qa1A1HlhJGCP+AMz0
7snE5bTeZOG5rpyV+NGq8pruHGNcVBF/jHbnfuteqB5E9rfi23Igbr2YWlGicj3Q
qCSFIQkb3w7vPcAL2nNI0PvW1aorHNT4Q4g+TElmWub86MSENX+LkzdVDmi1JdQl
q5VIBSinjAs+y3N946FH8PFhNpNvG+1To8x42kE2Yvw73Snky78mEgu9CADqgLIm
s44f/SIYa0vI+tb1S5nUIbyZJyXULcof4eqeCq8eAyVUd64nPUdD+QmZryTrXshm
DWtvr38n9WcT0NyB50RThpm1nJ1Br9uoZrZeMPFpfwJU6oTHNfvER4leM1O8eTa+
OSY3WfJaPosOOZdsV/bmi6F3IVkpZ1wGm8NHFGquzaZ+r38oBHeP5pEC/s1ABkS2
BoemhqZHeFqWqgKFQifsmw/JSnWnaLJK92qg7hAYs/aQ11IvMEI+A3UWTjzwB3yq
mJHcERJwkldtgrTQDg5Ga/hDTsraDv+lGH6BiMXvR565AUNumJBYnCQpB9QNJOAH
0UEGKOJT4wU5Mn8PCAD8l+xL56g+5nqhj+1dCkHyZKsdbSqlid93KEdB/LxXUxPQ
KxvjM9UEvN7ZCg7X1ClfxDJ+aTMJGAxjPDc3kzSUte8AXoERDEmdObO8u3lKIT39
TzHrb8mt4qss6cjkXCJBwo35Ql1uNG3RlDX9uSRlaANZt9JoSSd6HMMEhooX6ZeL
krRZNapPySYdgYnqDH1VEv3pNQn3RLAfGZTrQpDdzpHSdUkDyYF6dQG2jcWTANac
nWHcp2JSNnHmeji1AJo43+q6l6dXYC2QePS3X/Vuk4c0XTTZ8YpmroVZJJ7JkV4N
XVrCg57mkfEIFeGRnP+EOkCiYhmkxx6mQLqFIIltB/93z0sWF/laXKhAowLDFI0F
du1a3rIkzkyBlXIizCdYZGAfS6+7uAm0KUQuH2JlyIjJDBYWiAeZG27cAr9ltWCx
8jreSwsET8qVUmOpswbKHUESQ9CIPtM2orhQPqXKPxnxPiYx79NTopKPy2r7LAtc
vz0dzpXI39BgqbTFttIPOIIvTjCHEHnutF4zfrkfqKfUWccJrAZjClG02rbPuwRV
uaVtrfv7L6mCW79c78XieCIzEOZWMoWgIM5nx9EekHo9eBGD0eOue7X6PXOgOzw9
de9PR6QbUxqdT3rySzbY8l/ViEEs5h5Jxg+4emZEPzZOkHSrJDs3ZKnlsrLdwy89
bBmJAh8EGAECAAkFAlx9UOMCGwwACgkQ4EyTKUedkAYEWQ//bEASOho/LjlmEDqg
G8kAr26jQX0dTtGQlU9QNC9UCRD4Uw0WCTN2LYdU4rURvqv8Uc/Zv0wyKtV4T1Qc
T6JO9HtR81n1Mox3EMHqVRvjJUhEFv+vGTzs0M8JU08DuBifISozi1Us68cuj/QH
XpxllBpJ+FdsLDar4/LTh1LD8fYJMKoVAYJhxIyTx4muNG60r43jc3sUFGkfobYW
zG0nM9LQSYP35qNBWdHjvMmGmSQARMzPmLnpF/EY2Qmm96rzXKVrzdzr5aukigym
QnJSnjT+Wg2h4wA0KVLaGt6HtyHXIVmH/ASNDb5PnF7r+HbNjpvge454quS0rh2J
LgeoRY7WZCkC9twBLa5xKa7rasPTR0aqnoo4+anxscbx0hn07zFRF2Gsla1A84yY
f1VcV9HRX66Uf9CxK5BpnMFcygTOZNp1mZK8NSYi/V756vXDScSGBUA732rT42/v
TIowMCRKcIZkPAgveDnX5nrAx+F6GqsLKQ4Z6WhvjveFDi1J6oMvGR5thw7YpAzO
oc9+49bG/G7FvlbC+lppiEkEhJrVlLgpyKnY7Sr6jS4Lo5J1gfq+QwV+GKtAaPFb
ywZFPxm5drKGK+iyO9WcHcZgMBVBueMVPdVodI9ghIHdcUHSTIq8Um2Ats230Ic5
kBetIPcAkV2CQ41N/JFsX/lHD7E=
=+Zl9
-----END PGP PRIVATE KEY BLOCK-----


[spiano@localhost work]$ gpg --delete-secret-keys "Test Key 1"

gpg (GnuPG) 1.4.10; Copyright (C) 2008 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.


sec 4096R/479D9006 2019-03-04 Test Key 1 <n@a>

Delete this key from the keyring? (y/N) y
This is a secret key! - really delete? (y/N) y


[spiano@localhost work]$ gpg --delete-keys "Test Key 1"

gpg (GnuPG) 1.4.10; Copyright (C) 2008 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.


pub 4096R/479D9006 2019-03-04 Test Key 1 <n@a>

Delete this key from the keyring? (y/N) y


[spiano@localhost work]$ gpg --verify foo.txt.sig foo.txt

gpg: Signature made Wed 06 Mar 2019 06:31:41 PM GMT using RSA key ID 479D9006
gpg: Can't check signature: public key not found


[spiano@localhost work]$ gpg --import test_key_1.txt.secret

gpg: key 479D9006: secret key imported gpg: key 479D9006: public key "Test Key 1 <n@a>" imported gpg: Total number processed: 1 gpg: imported: 1 (RSA: 1) gpg: secret keys read: 1 gpg: secret keys imported: 1



[spiano@localhost work]$ gpg --verify foo.txt.sig foo.txt

gpg: Signature made Wed 06 Mar 2019 06:31:41 PM GMT using RSA key ID 479D9006 gpg: Good signature from "Test Key 1 <n@a>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 22D2 012D 82FA 14F4 4A3A C9BE E04C 9329 479D 9006




Interesting. I hadn't imported the public key, but the verification worked. Perhaps, if a private key is imported, GPG generates the corresponding public key.



[spiano@localhost work]$ gpg --list-keys

/home/spiano/.gnupg/pubring.gpg ------------------------------- pub 4096R/E4D7C711 2019-03-06 uid Test Key 2 <n@a2> sub 4096R/4F6DFEEC 2019-03-06 pub 4096R/479D9006 2019-03-04 uid Test Key 1 <n@a> sub 4096R/36BDD5FA 2019-03-04


[spiano@localhost work]$ gpg --list-secret-keys

/home/spiano/.gnupg/secring.gpg ------------------------------- sec 4096R/E4D7C711 2019-03-06 uid Test Key 2 <n@a2> ssb 4096R/4F6DFEEC 2019-03-06 sec 4096R/479D9006 2019-03-04 uid Test Key 1 <n@a> ssb 4096R/36BDD5FA 2019-03-04




Yup. Public key is present.


Hm. I'd like to double-check this.


[spiano@localhost work]$ gpg --delete-keys "Test Key 1"

gpg (GnuPG) 1.4.10; Copyright (C) 2008 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: there is a secret key for public key "Test Key 1"!
gpg: use option "--delete-secret-keys" to delete it first.


[spiano@localhost work]$ gpg --delete-secret-keys "Test Key 1"

gpg (GnuPG) 1.4.10; Copyright (C) 2008 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.


sec 4096R/479D9006 2019-03-04 Test Key 1 <n@a>

Delete this key from the keyring? (y/N) y
This is a secret key! - really delete? (y/N) y


[spiano@localhost work]$ gpg --verify foo.txt.sig foo.txt

gpg: Signature made Wed 06 Mar 2019 06:31:41 PM GMT using RSA key ID 479D9006 gpg: Good signature from "Test Key 1 <n@a>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 22D2 012D 82FA 14F4 4A3A C9BE E04C 9329 479D 9006



[spiano@localhost work]$ gpg --list-keys

/home/spiano/.gnupg/pubring.gpg ------------------------------- pub 4096R/E4D7C711 2019-03-06 uid Test Key 2 <n@a2> sub 4096R/4F6DFEEC 2019-03-06 pub 4096R/479D9006 2019-03-04 uid Test Key 1 <n@a> sub 4096R/36BDD5FA 2019-03-04



[spiano@localhost work]$ gpg --list-secret-keys

/home/spiano/.gnupg/secring.gpg ------------------------------- sec 4096R/E4D7C711 2019-03-06 uid Test Key 2 <n@a2> ssb 4096R/4F6DFEEC 2019-03-06



[spiano@localhost work]$ gpg --delete-keys "Test Key 1"

gpg (GnuPG) 1.4.10; Copyright (C) 2008 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.


pub 4096R/479D9006 2019-03-04 Test Key 1 <n@a>

Delete this key from the keyring? (y/N) y


[spiano@localhost work]$ gpg --list-keys

/home/spiano/.gnupg/pubring.gpg ------------------------------- pub 4096R/E4D7C711 2019-03-06 uid Test Key 2 <n@a2> sub 4096R/4F6DFEEC 2019-03-06



[spiano@localhost work]$ gpg --list-secret-keys

/home/spiano/.gnupg/secring.gpg ------------------------------- sec 4096R/E4D7C711 2019-03-06 uid Test Key 2 <n@a2> ssb 4096R/4F6DFEEC 2019-03-06



[spiano@localhost work]$ gpg --verify foo.txt.sig foo.txt

gpg: Signature made Wed 06 Mar 2019 06:31:41 PM GMT using RSA key ID 479D9006
gpg: Can't check signature: public key not found


[spiano@localhost work]$ gpg --import test_key_1.txt.secret

gpg: key 479D9006: secret key imported gpg: key 479D9006: public key "Test Key 1 <n@a>" imported gpg: Total number processed: 1 gpg: imported: 1 (RSA: 1) gpg: secret keys read: 1 gpg: secret keys imported: 1



[spiano@localhost work]$ gpg --list-secret-keys

/home/spiano/.gnupg/secring.gpg ------------------------------- sec 4096R/E4D7C711 2019-03-06 uid Test Key 2 <n@a2> ssb 4096R/4F6DFEEC 2019-03-06 sec 4096R/479D9006 2019-03-04 uid Test Key 1 <n@a> ssb 4096R/36BDD5FA 2019-03-04



[spiano@localhost work]$ gpg --list-keys

/home/spiano/.gnupg/pubring.gpg ------------------------------- pub 4096R/E4D7C711 2019-03-06 uid Test Key 2 <n@a2> sub 4096R/4F6DFEEC 2019-03-06 pub 4096R/479D9006 2019-03-04 uid Test Key 1 <n@a> sub 4096R/36BDD5FA 2019-03-04



[spiano@localhost work]$ gpg --verify foo.txt.sig foo.txt

gpg: Signature made Wed 06 Mar 2019 06:31:41 PM GMT using RSA key ID 479D9006 gpg: Good signature from "Test Key 1 <n@a>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 22D2 012D 82FA 14F4 4A3A C9BE E04C 9329 479D 9006





Notes:
- If a private key also exists, GPG requires that the private key must be deleted before the public key is deleted.
- To verify a signature, only the public key is needed.
- Importing a private key causes GPG to construct and store the corresponding public key.




I'm going to go through the export key / delete key / import key / verify_signature sequence again, but using fingerprints instead. I'm also going to use ASCII armoring throughout, as I prefer to use workflows in which the intermediate results are readable.



Test Key 1 fingerprint without spaces:
22D2012D82FA14F44A3AC9BEE04C9329479D9006




[spiano@localhost work]$ ls -1

foo.txt
foo.txt.asc
foo.txt.sig
test_key_1.gpg
test_key_1.gpg.secret
test_key_1.txt
test_key_1.txt.secret


[spiano@localhost work]$ rm test_key_1.gpg test_key_1.gpg.secret test_key_1.txt test_key_1.txt.secret



[spiano@localhost work]$ rm foo.txt.sig



[spiano@localhost work]$ ls -1

foo.txt
foo.txt.asc


[spiano@localhost work]$ gpg --armor --export 22D2012D82FA14F44A3AC9BEE04C9329479D9006 > test_key_1.public.asc



[spiano@localhost work]$ cat test_key_1.public.asc

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.10 (GNU/Linux)

mQINBFx9UOMBEADPgXOY7zfS6QLGpj99bLbuLHvi7u4X0mnbBBk0GnBvMFquDV2S
LNgZSW9m0HMS6EMGUHqeVJDXNSGaCroZV90TPIO8rKXbtjGalbxYcKSMpHERJgLu
siiDsTvoLzXV+8Qti2Lt4ti+Khbm19y6hyJ4TnBM572Yykl9M7TA3TP8bwiAsYRB
xM3+kygw4NDujRw/lLCyEtXY52GSaA7QWDE13Kx+lf6g5/BL5Kk2MGVCA/sXK6XX
RRQiA8awoeJ+hkpXPwKl75LINOVS0Ite7Ry7VQK3WeEm2qriglE097bC8tCoKFgI
5Jok23KuhypImBR8K+B1zpOPAEi0tL9xa06rnwZLd+wIvaX+1l4GQTuBNzDtHn+Z
55DBQLkDWJWHXSLtWkzwcxoluGs+BAnWm+XfLLhjTZxW0EXtuQWw3A8jkEmHNsYu
/DR1A33MrvHj7RnkSzqNoA3YfY+0hHSqtlDAyntzbX3bzuJK1u/3zZrlcrvQxIBa
T1u4KLf9WbT35fgm45RQKSb29BgjIMnJgGdWmanEApK+vRJz/+5ShFP/SkurZh0i
VarlDoDaC6d8hEeF/XfZYMw7BpBnPqz7Pqie9OHsUTmlQazyqPihkBJkzPsEJ1ug
2GkyJ+Lhdc/KR3tFYEWdvC9FaTn5af8tsr17VrCim3MQTV2CR97dOWyiowARAQAB
tBBUZXN0IEtleSAxIDxuQGE+iQI3BBMBAgAhBQJcfVDjAhsDBgsJCAcDAgYVCAIJ
CgsDFgIBAh4BAheAAAoJEOBMkylHnZAGW/kP+wYrE8ZgclkPmPCQx0g+39DS2K6y
Vj26vqj7qDwySJHF3jzEzVC72MYFiFz4yNd4z2ndLEuDSpO0hXpS3de8EZgTm6TM
wUrHq0+MIexn5tirPEl0lcznCVohL777TAmOqgYlxRm3n4tu3i7N2NPDcvAQPiOR
XWi+/NUhUIN4Y+bwq4LDd5uGc99KgnCmw4pfsWD6t4ldr7jc5FLRNuw4NfnepLet
KXFsQsEsoC+rwFdSM4fPXvw7/Ux9OIRwIm2MuCQNHd4jsgIhU8xnlZi1aO2ZyIB6
Lqiooc1lM9H15nzoxYFpIBePt9w5ANfagPX6s2plm/e1XfsWHpTkn5BGq9efRbsi
8XPD/tnnNZ5PSwn6DHqY2ZVS98/qQY0QvFvwemJfvGIVzlHzI4zyIPEL82QyszKr
vRyFhpO+qSlYcijA6m4CMI9tanGNtkvz8vtts454EkfpnqXILURA2hZWQZ5vzPzT
vzUa0iwnSNabF+2+fw+nhW7fQNN06X4XW/oLeV6TFPi/6br8/Vp/MmresLJGUXG8
xj6qKJEghuiZVcUc/qj2d86nqV/kcVpgci+1FQNMx+AI1ZDbmTKh0z1Y6ehjR9wa
bh4CTSdW8A3oyrLd7JL56K4ZeYCMDkh/wiMufO/5ZZyq1G1Sg5ZNXypBr82jfeUo
/Tp4U2XiXO6HFpeDuQINBFx9UOMBEADnYdm7WbfuA8yFtq9WuZJ404IbMYuO9+aR
eBbpEoP5TWWlijV4CmZZ736ipQDCiDgLWWJqj90F3nkIjqneXfiqMphlX0e+lKeS
E1ldP5qAzF7FxTzpT5je0K6WVwbICRV6GZD2O4FOuQPciBeH7y7X0ZCjTjoCG5lN
sOYSwq6rucK7RY5UoVktwKq2ly06txfDgd1ONLu+I422qbm6zVKKkQJmZIhsVgjn
RhWheI7G1kOTpeAqbu8QXpcFRI50JUKq1RiT1H/kN9iKvvh9kE4r2I+qN7hRS2m5
TAUfUgdJ/hwPotxljXyl1g4jSXcJu5xDeCjnJ06AEUyxNKtFJfSXHK2ZP7YtAQ9M
mvL4ff1FY3gtYn+3AbBKHveC5yy9PtTIgqXF57IRRaaMRbKDcWvy2/4kGevXAxK8
wSJnemGHbB0+HTjUl7tpm3Ry9klPp8QEbK79+SbQgR5lAo3WC2OlVLU1KRR4KS2S
VBzO5VL1PEszwKK7sUo/KQdTagUjLMkCoTshjM7sDPkdp/zC4/gsRYIqdS6iKmna
hua8+ZcYrdYUmdNH6LbgCxr5TcOQARo3O9VIw0tUt7Fe8wuvmY20hyHZmVba5FYT
kE7jsG3TUdn6rlmA9/cwuw020okXfBkLT5sR+D09ftcPync+P4KSqESvsRmWAlit
wegODV8gYwARAQABiQIfBBgBAgAJBQJcfVDjAhsMAAoJEOBMkylHnZAGBFkP/2xA
EjoaPy45ZhA6oBvJAK9uo0F9HU7RkJVPUDQvVAkQ+FMNFgkzdi2HVOK1Eb6r/FHP
2b9MMirVeE9UHE+iTvR7UfNZ9TKMdxDB6lUb4yVIRBb/rxk87NDPCVNPA7gYnyEq
M4tVLOvHLo/0B16cZZQaSfhXbCw2q+Py04dSw/H2CTCqFQGCYcSMk8eJrjRutK+N
43N7FBRpH6G2FsxtJzPS0EmD9+ajQVnR47zJhpkkAETMz5i56RfxGNkJpveq81yl
a83c6+WrpIoMpkJyUp40/loNoeMANClS2hreh7ch1yFZh/wEjQ2+T5xe6/h2zY6b
4HuOeKrktK4diS4HqEWO1mQpAvbcAS2ucSmu62rD00dGqp6KOPmp8bHG8dIZ9O8x
URdhrJWtQPOMmH9VXFfR0V+ulH/QsSuQaZzBXMoEzmTadZmSvDUmIv1e+er1w0nE
hgVAO99q0+Nv70yKMDAkSnCGZDwIL3g51+Z6wMfhehqrCykOGelob473hQ4tSeqD
LxkebYcO2KQMzqHPfuPWxvxuxb5WwvpaaYhJBISa1ZS4Kcip2O0q+o0uC6OSdYH6
vkMFfhirQGjxW8sGRT8ZuXayhivosjvVnB3GYDAVQbnjFT3VaHSPYISB3XFB0kyK
vFJtgLbNt9CHOZAXrSD3AJFdgkONTfyRbF/5Rw+x
=vmax
-----END PGP PUBLIC KEY BLOCK-----


[spiano@localhost work]$ gpg --armor --export-secret-keys 22D2012D82FA14F44A3AC9BEE04C9329479D9006 > test_key_1.private.asc



[spiano@localhost work]$ cat test_key_1.private.asc

-----BEGIN PGP PRIVATE KEY BLOCK-----
Version: GnuPG v1.4.10 (GNU/Linux)

lQcYBFx9UOMBEADPgXOY7zfS6QLGpj99bLbuLHvi7u4X0mnbBBk0GnBvMFquDV2S
LNgZSW9m0HMS6EMGUHqeVJDXNSGaCroZV90TPIO8rKXbtjGalbxYcKSMpHERJgLu
siiDsTvoLzXV+8Qti2Lt4ti+Khbm19y6hyJ4TnBM572Yykl9M7TA3TP8bwiAsYRB
xM3+kygw4NDujRw/lLCyEtXY52GSaA7QWDE13Kx+lf6g5/BL5Kk2MGVCA/sXK6XX
RRQiA8awoeJ+hkpXPwKl75LINOVS0Ite7Ry7VQK3WeEm2qriglE097bC8tCoKFgI
5Jok23KuhypImBR8K+B1zpOPAEi0tL9xa06rnwZLd+wIvaX+1l4GQTuBNzDtHn+Z
55DBQLkDWJWHXSLtWkzwcxoluGs+BAnWm+XfLLhjTZxW0EXtuQWw3A8jkEmHNsYu
/DR1A33MrvHj7RnkSzqNoA3YfY+0hHSqtlDAyntzbX3bzuJK1u/3zZrlcrvQxIBa
T1u4KLf9WbT35fgm45RQKSb29BgjIMnJgGdWmanEApK+vRJz/+5ShFP/SkurZh0i
VarlDoDaC6d8hEeF/XfZYMw7BpBnPqz7Pqie9OHsUTmlQazyqPihkBJkzPsEJ1ug
2GkyJ+Lhdc/KR3tFYEWdvC9FaTn5af8tsr17VrCim3MQTV2CR97dOWyiowARAQAB
AA/9EHz5SfwsI+Km+VDpd5ZlXLyFJY2VtqfeCGylcgntyC//7JecSUqt6yh2JSXI
FwcEmGJZs+4FSkxq/JoAmpXsN6SV1S6kyTYLb/yY6DAfKxu/7jxmfEAEzx4MpBDo
RrYIKxRJypw9W7Ltee9KFzo4p3WYH8xEOPlN6JhssuyAvny2IL+6Qh2YvrNDvMqI
X4Qv6+9tMOElQ+Ry0Nba4nw3gM+llzNk9bUoV2d2eJtU2G+HippJxbaz+FXzekKK
xEH4c0FK/RNxxt3JIRD4GhVeNJZ3LkmChftXG8N+H2bVi10O7mWyRRahFu+nB64u
0nDfI9S6s7Gz8Od1X4KDOchsijrpfmCeh9YIGc039lItEbN01DW4QCza7/FwP0zw
rZG7zvjTl6lM3y/7bI67bV6QcuUiFunyyKfrmLA9F7VABkitm5sZq02SIoyg2+oL
s9Yk89Ep5n9A1J1BH7hDi6jz+/4V4poegyM+0Wg7tOP8MbXD70T2uroOwHLs1WUp
Z9oqGa/XCUVwGyqEsq2+viGvzOFKP5r2HpvLcio0TgX7Kb+z20R6rP/nJUDBx6vx
/Hk0+9V05B2OWQfegIfA0c6xLasu2DbT5/Adb2Byyl/4M368AFBHMxZ2V8j6TAfb
5pK9OHfW+anN2nl+4zf/QOq7czhhdC2kGSPib0sSjI6e0+UIAONvJbLMRtSL4QGY
U6b11yerSaz4g98qv3xTIJz28guGmCW1mS98tggFpcZqXtVk//FwEw2rd1KuQVZh
bLchoVHv5sPJfU8hExIO9uPW60V9l0kOly+C/oH9lIazmWAYoglo7v7JVJpfHWIW
mbbmTlHcEfesAe8WEvsyCCmgTPZT4QC2HgC+/ZAycIq8SInaKBFS92aVDCVYaEbw
aHKaX3aYXxG1Aftd2Wpl+9SAdFo9jxxzXsYg7SVCk2DV4J2Jl6MOkWlzpLfq4LfR
oqvVR7F1TR+x95aBFkPPOTbxj9WCv7hNU+0zwWMqeoNoarbXJteGAcQIrcNMrq1R
KOAUptcIAOmRh3HzOIe+d1Xm+hlOfpogdZMt9uKD5/CVVnh32EdkNOzjapbXTE0W
pFnXaCSatR9DGafngL/fRPYIoPD0UNPy6vcdg1TDWCwC7Vh7v5Alp8bGouKHK8fR
fkkN1agjFRdBbmJPsEpEkKJKsxOg90l/XZ21tZGtw/fAyVAX9fNbCDfUbqZ7jyyZ
XgJnq0TEp8fryIsX8g/xy4l690EuBglzlqSW2pdNHI6L9rwyJWFYi16JQZTSKSvt
VOxZi/eFNtbmlOfRExhNqPE3xJM+fe5YNxPg2YZEUhk27dLeAqqc85+wcObGaMvp
Q2xH0Kz65+LnQHV5u8o3NjGH/t31RRUIAIQJComBlJaS0gTpPndQb4StDAy4Qd1Y
CPWuhhOzNA8hwW3rq8MWjkVOR7VSWGtDIcccYydsJj09QzYWgaRFxynGkcjiC0oE
NRq+U+BuSSWhtWVfEsalWkyTdrbyNH53KIUB1MO56/xPaGRpGFj+nl1oWF6XUnGQ
zMiFBS1fLYQrHBiZ+JPnCwhhbRRLgGRyX33tH2oGZ8ga63cgfBWjiH6Aso4KLFeo
kvz/qAs8Rx2Px84I9F2f0lBEGO///Zri/hFoR+4sPez1M5StydhiXXKfJLFBWPuW
uTB9NYexrXK3VSXj388pvOHzl/l/wYD2Jj4gtqW5U3NP67b9+J6cifSS0rQQVGVz
dCBLZXkgMSA8bkBhPokCNwQTAQIAIQUCXH1Q4wIbAwYLCQgHAwIGFQgCCQoLAxYC
AQIeAQIXgAAKCRDgTJMpR52QBlv5D/sGKxPGYHJZD5jwkMdIPt/Q0tiuslY9ur6o
+6g8MkiRxd48xM1Qu9jGBYhc+MjXeM9p3SxLg0qTtIV6Ut3XvBGYE5ukzMFKx6tP
jCHsZ+bYqzxJdJXM5wlaIS+++0wJjqoGJcUZt5+Lbt4uzdjTw3LwED4jkV1ovvzV
IVCDeGPm8KuCw3ebhnPfSoJwpsOKX7Fg+reJXa+43ORS0TbsODX53qS3rSlxbELB
LKAvq8BXUjOHz178O/1MfTiEcCJtjLgkDR3eI7ICIVPMZ5WYtWjtmciAei6oqKHN
ZTPR9eZ86MWBaSAXj7fcOQDX2oD1+rNqZZv3tV37Fh6U5J+QRqvXn0W7IvFzw/7Z
5zWeT0sJ+gx6mNmVUvfP6kGNELxb8HpiX7xiFc5R8yOM8iDxC/NkMrMyq70chYaT
vqkpWHIowOpuAjCPbWpxjbZL8/L7bbOOeBJH6Z6lyC1EQNoWVkGeb8z80781GtIs
J0jWmxftvn8Pp4Vu30DTdOl+F1v6C3lekxT4v+m6/P1afzJq3rCyRlFxvMY+qiiR
IIbomVXFHP6o9nfOp6lf5HFaYHIvtRUDTMfgCNWQ25kyodM9WOnoY0fcGm4eAk0n
VvAN6Mqy3eyS+eiuGXmAjA5If8IjLnzv+WWcqtRtUoOWTV8qQa/No33lKP06eFNl
4lzuhxaXg50HGARcfVDjARAA52HZu1m37gPMhbavVrmSeNOCGzGLjvfmkXgW6RKD
+U1lpYo1eApmWe9+oqUAwog4C1liao/dBd55CI6p3l34qjKYZV9HvpSnkhNZXT+a
gMxexcU86U+Y3tCullcGyAkVehmQ9juBTrkD3IgXh+8u19GQo046AhuZTbDmEsKu
q7nCu0WOVKFZLcCqtpctOrcXw4HdTjS7viONtqm5us1SipECZmSIbFYI50YVoXiO
xtZDk6XgKm7vEF6XBUSOdCVCqtUYk9R/5DfYir74fZBOK9iPqje4UUtpuUwFH1IH
Sf4cD6LcZY18pdYOI0l3CbucQ3go5ydOgBFMsTSrRSX0lxytmT+2LQEPTJry+H39
RWN4LWJ/twGwSh73gucsvT7UyIKlxeeyEUWmjEWyg3Fr8tv+JBnr1wMSvMEiZ3ph
h2wdPh041Je7aZt0cvZJT6fEBGyu/fkm0IEeZQKN1gtjpVS1NSkUeCktklQczuVS
9TxLM8Ciu7FKPykHU2oFIyzJAqE7IYzO7Az5Haf8wuP4LEWCKnUuoipp2obmvPmX
GK3WFJnTR+i24Asa+U3DkAEaNzvVSMNLVLexXvMLr5mNtIch2ZlW2uRWE5BO47Bt
01HZ+q5ZgPf3MLsNNtKJF3wZC0+bEfg9PX7XD8p3Pj+CkqhEr7EZlgJYrcHoDg1f
IGMAEQEAAQAP/2wq4NxGUYd6DCs4X5jF8RT+H9UxoMHp30aDIwa7iqnJxmqQhXWE
OxvxK7zCMWw/vR+FHk6dyaA8RE29T+kt+hkqxPajB8mu+fV+iSjgGoz6vZVsIxEZ
DmifmvaaYYezQ3CMsimCYO1Z7dWzY3i/VqE7DYhighjJKS5aM/xyObD7Cu98UVD8
CtIqP0RTwSexP3E87SXp3hjByzao+rQ610sDBmGyvtoSkF/58hPF5c1LjlTgVz7P
FICND8G9LnFal+N/8ljtnwokF12pcEZW50x1FZhoKwkKHbcrtDtToCe1nQ2sP6dT
8QEf5AUYC4enxqH98vU4+WhCbh1rd2PAnioA3hAvQVsqLg0vOPKhH9o/1ZEy90jR
Kn/VBaSpwnsFxhf8M7F6jt3wX5l0jKkTUIFaXLJTlOSlNgif5FxQ1Nn0l4KzYqo7
9JDcrns7ONSrGN6SvGbhNu3Wy/pyaFMNWDB3Fxd7a5tnSs1qa1A1HlhJGCP+AMz0
7snE5bTeZOG5rpyV+NGq8pruHGNcVBF/jHbnfuteqB5E9rfi23Igbr2YWlGicj3Q
qCSFIQkb3w7vPcAL2nNI0PvW1aorHNT4Q4g+TElmWub86MSENX+LkzdVDmi1JdQl
q5VIBSinjAs+y3N946FH8PFhNpNvG+1To8x42kE2Yvw73Snky78mEgu9CADqgLIm
s44f/SIYa0vI+tb1S5nUIbyZJyXULcof4eqeCq8eAyVUd64nPUdD+QmZryTrXshm
DWtvr38n9WcT0NyB50RThpm1nJ1Br9uoZrZeMPFpfwJU6oTHNfvER4leM1O8eTa+
OSY3WfJaPosOOZdsV/bmi6F3IVkpZ1wGm8NHFGquzaZ+r38oBHeP5pEC/s1ABkS2
BoemhqZHeFqWqgKFQifsmw/JSnWnaLJK92qg7hAYs/aQ11IvMEI+A3UWTjzwB3yq
mJHcERJwkldtgrTQDg5Ga/hDTsraDv+lGH6BiMXvR565AUNumJBYnCQpB9QNJOAH
0UEGKOJT4wU5Mn8PCAD8l+xL56g+5nqhj+1dCkHyZKsdbSqlid93KEdB/LxXUxPQ
KxvjM9UEvN7ZCg7X1ClfxDJ+aTMJGAxjPDc3kzSUte8AXoERDEmdObO8u3lKIT39
TzHrb8mt4qss6cjkXCJBwo35Ql1uNG3RlDX9uSRlaANZt9JoSSd6HMMEhooX6ZeL
krRZNapPySYdgYnqDH1VEv3pNQn3RLAfGZTrQpDdzpHSdUkDyYF6dQG2jcWTANac
nWHcp2JSNnHmeji1AJo43+q6l6dXYC2QePS3X/Vuk4c0XTTZ8YpmroVZJJ7JkV4N
XVrCg57mkfEIFeGRnP+EOkCiYhmkxx6mQLqFIIltB/93z0sWF/laXKhAowLDFI0F
du1a3rIkzkyBlXIizCdYZGAfS6+7uAm0KUQuH2JlyIjJDBYWiAeZG27cAr9ltWCx
8jreSwsET8qVUmOpswbKHUESQ9CIPtM2orhQPqXKPxnxPiYx79NTopKPy2r7LAtc
vz0dzpXI39BgqbTFttIPOIIvTjCHEHnutF4zfrkfqKfUWccJrAZjClG02rbPuwRV
uaVtrfv7L6mCW79c78XieCIzEOZWMoWgIM5nx9EekHo9eBGD0eOue7X6PXOgOzw9
de9PR6QbUxqdT3rySzbY8l/ViEEs5h5Jxg+4emZEPzZOkHSrJDs3ZKnlsrLdwy89
bBmJAh8EGAECAAkFAlx9UOMCGwwACgkQ4EyTKUedkAYEWQ//bEASOho/LjlmEDqg
G8kAr26jQX0dTtGQlU9QNC9UCRD4Uw0WCTN2LYdU4rURvqv8Uc/Zv0wyKtV4T1Qc
T6JO9HtR81n1Mox3EMHqVRvjJUhEFv+vGTzs0M8JU08DuBifISozi1Us68cuj/QH
XpxllBpJ+FdsLDar4/LTh1LD8fYJMKoVAYJhxIyTx4muNG60r43jc3sUFGkfobYW
zG0nM9LQSYP35qNBWdHjvMmGmSQARMzPmLnpF/EY2Qmm96rzXKVrzdzr5aukigym
QnJSnjT+Wg2h4wA0KVLaGt6HtyHXIVmH/ASNDb5PnF7r+HbNjpvge454quS0rh2J
LgeoRY7WZCkC9twBLa5xKa7rasPTR0aqnoo4+anxscbx0hn07zFRF2Gsla1A84yY
f1VcV9HRX66Uf9CxK5BpnMFcygTOZNp1mZK8NSYi/V756vXDScSGBUA732rT42/v
TIowMCRKcIZkPAgveDnX5nrAx+F6GqsLKQ4Z6WhvjveFDi1J6oMvGR5thw7YpAzO
oc9+49bG/G7FvlbC+lppiEkEhJrVlLgpyKnY7Sr6jS4Lo5J1gfq+QwV+GKtAaPFb
ywZFPxm5drKGK+iyO9WcHcZgMBVBueMVPdVodI9ghIHdcUHSTIq8Um2Ats230Ic5
kBetIPcAkV2CQ41N/JFsX/lHD7E=
=+Zl9
-----END PGP PRIVATE KEY BLOCK-----


[spiano@localhost work]$ gpg --verify foo.txt.asc foo.txt

gpg: Signature made Wed 06 Mar 2019 09:39:34 PM GMT using RSA key ID 479D9006 gpg: Good signature from "Test Key 1 <n@a>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 22D2 012D 82FA 14F4 4A3A C9BE E04C 9329 479D 9006



[spiano@localhost work]$ gpg --delete-secret-keys 22D2012D82FA14F44A3AC9BEE04C9329479D9006

gpg (GnuPG) 1.4.10; Copyright (C) 2008 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. sec 4096R/479D9006 2019-03-04 Test Key 1 <n@a> Delete this key from the keyring? (y/N) y This is a secret key! - really delete? (y/N) y



[spiano@localhost work]$ gpg --delete-keys 22D2012D82FA14F44A3AC9BEE04C9329479D9006

gpg (GnuPG) 1.4.10; Copyright (C) 2008 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.


pub 4096R/479D9006 2019-03-04 Test Key 1 <n@a>

Delete this key from the keyring? (y/N) y


[spiano@localhost work]$ gpg --verify foo.txt.asc foo.txt

gpg: Signature made Wed 06 Mar 2019 09:39:34 PM GMT using RSA key ID 479D9006
gpg: Can't check signature: public key not found


[spiano@localhost work]$ ls -1

foo.txt
foo.txt.asc
test_key_1.private.asc
test_key_1.public.asc


[spiano@localhost work]$ gpg --import test_key_1.private.asc

gpg: key 479D9006: secret key imported gpg: key 479D9006: public key "Test Key 1 <n@a>" imported gpg: Total number processed: 1 gpg: imported: 1 (RSA: 1) gpg: secret keys read: 1 gpg: secret keys imported: 1



[spiano@localhost work]$ gpg --verify foo.txt.asc foo.txt

gpg: Signature made Wed 06 Mar 2019 09:39:34 PM GMT using RSA key ID 479D9006 gpg: Good signature from "Test Key 1 <n@a>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 22D2 012D 82FA 14F4 4A3A C9BE E04C 9329 479D 9006



[spiano@localhost work]$ gpg --list-secret-keys

/home/spiano/.gnupg/secring.gpg ------------------------------- sec 4096R/E4D7C711 2019-03-06 uid Test Key 2 <n@a2> ssb 4096R/4F6DFEEC 2019-03-06 sec 4096R/479D9006 2019-03-04 uid Test Key 1 <n@a> ssb 4096R/36BDD5FA 2019-03-04



[spiano@localhost work]$ gpg --list-secret-keys --fingerprint

/home/spiano/.gnupg/secring.gpg ------------------------------- sec 4096R/E4D7C711 2019-03-06 Key fingerprint = BA9A 077B 050C 3FC0 6459 7E7C 98D3 EFED E4D7 C711 uid Test Key 2 <n@a2> ssb 4096R/4F6DFEEC 2019-03-06 sec 4096R/479D9006 2019-03-04 Key fingerprint = 22D2 012D 82FA 14F4 4A3A C9BE E04C 9329 479D 9006 uid Test Key 1 <n@a> ssb 4096R/36BDD5FA 2019-03-04



[spiano@localhost work]$ gpg --list-keys

/home/spiano/.gnupg/pubring.gpg ------------------------------- pub 4096R/E4D7C711 2019-03-06 uid Test Key 2 <n@a2> sub 4096R/4F6DFEEC 2019-03-06 pub 4096R/479D9006 2019-03-04 uid Test Key 1 <n@a> sub 4096R/36BDD5FA 2019-03-04



[spiano@localhost work]$ gpg --list-keys --fingerprint

/home/spiano/.gnupg/pubring.gpg ------------------------------- pub 4096R/E4D7C711 2019-03-06 Key fingerprint = BA9A 077B 050C 3FC0 6459 7E7C 98D3 EFED E4D7 C711 uid Test Key 2 <n@a2> sub 4096R/4F6DFEEC 2019-03-06 pub 4096R/479D9006 2019-03-04 Key fingerprint = 22D2 012D 82FA 14F4 4A3A C9BE E04C 9329 479D 9006 uid Test Key 1 <n@a> sub 4096R/36BDD5FA 2019-03-04



[spiano@localhost work]$ cat foo.txt.asc

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIcBAABAgAGBQJcgD4WAAoJEOBMkylHnZAG4ZIQAMv61DzDS+uE56JOaa4zFxng
P07MlCY2WJ7hcmz81O9n8SoQXH1IIu6xt389LcwSHtESz8KIJdKvabrIQbs6/bNm
LPXIhLYhYXA/tvOQjh41vXE0xeNAJHcjtfLHiJ1PZ4C8jbkyAK/9Aq2Aredb4bef
A3xv6zyhlgvfCv5lGKxInbk5w6EH+M/RPe+uqB+8Ae64ysH9AHqg/W2ygdJmnvKF
jwWqpt9vmicGY2G4HBJNnwqbf8mj4M2jn5wZMi6hIGWa5C1X7OgRZMPkaIClQJan
11pUanLzZcNZXSLSwZ+ckkFN9lXyuBZU/IHe7WpKHaB892qciMKy4AaCZOrFMGAM
nVf2qVA3KrFKBrLOliJskVrJZgeT+GKt2Lr3Gzf9C6qcmzEC8a9VlzeJXzoLRLCU
Ly6mPr47m2bEOP7/2UkH1BS8/dxEPZyXqCusajXpJ3/uR+A95Tl0miVwH0JS45Iu
reM4EYcZSGW6jBlUd1z0nzTBA3Wt+buvDXxSj31Zr8PpKoPx6JfCLKCewLtJt+EU
gsnBP18Jhh3aZdT0dYbdSCc6z7RMk1pUOj54VniQe0MnFsM+mUaTKGasl92hSMzz
TVWmg+HW3ldry49tiQG2vpyOWYfcjYWA0m1CrcQoFTitdcVQwA8NyFUE+lGYoELz
7Wcq2LF3i0S1cbEJLp6+
=1l/E
-----END PGP SIGNATURE-----




Excellent. All worked as expected.




Let's see if I can get the fingerprint for a specific key real name.


[spiano@localhost work]$ gpg --list-keys "Test Key 1" --fingerprint

pub 4096R/479D9006 2019-03-04 uid Test Key 1 <n@a> sub 4096R/36BDD5FA 2019-03-04


[spiano@localhost work]$ gpg --fingerprint --list-keys "Test Key 1"

pub 4096R/479D9006 2019-03-04 Key fingerprint = 22D2 012D 82FA 14F4 4A3A C9BE E04C 9329 479D 9006 uid Test Key 1 <n@a> sub 4096R/36BDD5FA 2019-03-04


[spiano@localhost work]$ gpg --fingerprint --list-secret-keys "Test Key 1"

sec 4096R/479D9006 2019-03-04 Key fingerprint = 22D2 012D 82FA 14F4 4A3A C9BE E04C 9329 479D 9006 uid Test Key 1 <n@a> ssb 4096R/36BDD5FA 2019-03-04


[spiano@localhost work]$ gpg --fingerprint "Test Key 1"

pub 4096R/479D9006 2019-03-04 Key fingerprint = 22D2 012D 82FA 14F4 4A3A C9BE E04C 9329 479D 9006 uid Test Key 1 <n@a> sub 4096R/36BDD5FA 2019-03-04




Yup, I can.

Note: Because of the word "pub" in the output, I think that the command
gpg --fingerprint [key real name]
is a shortcut for the command
gpg --fingerprint --list-keys [key real name]
.





Next:
- encrypt a message to a specific public key
- decode an encrypted message, using a specific private key


In each case, I want to be able to specify the key by real name or by fingerprint. I'll use ASCII armoring.


[some reading occurs here]


[spiano@localhost work]$ ls -1

foo.txt
foo.txt.asc
test_key_1.private.asc
test_key_1.public.asc

[spiano@localhost work]$ echo "hello world 2" > message.txt


[spiano@localhost work]$ cat message.txt

hello world 2

[spiano@localhost work]$ gpg --encrypt --recipient "Test Key 2" --armor message.txt


[spiano@localhost work]$ ls -1

foo.txt
foo.txt.asc
message.txt
message.txt.asc
test_key_1.private.asc
test_key_1.public.asc

[spiano@localhost work]$ cat message.txt.asc

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.10 (GNU/Linux)

hQIMA277c+dPbf7sAQ//Vy84fj6up/ugMxYhf5byyk4nfY1S1PvOPKWK2hcYwDRR
BDEfBnSBw2+UifPDIItY5y3Aa68R1/hS8CZX0kyXeBnn+mjHlvECUxXPTCwYHm8Z
Hz9rSfLLt4kaZe4gNbOQi4sztjDZq8r0/rV/dTe7hBHw8e5KlFm8MZ0enEpbSHFi
9hq8aUO2QmP368+a+qw9jG59w6R+adWL1nN9SCI3pvQj1Oxh1JCMCPsmV63ot72k
EMy8D6iJNGmigxrIOpeonHEkKxGy8cqa0fTcfHVBc0MGDUebMxd/VvaKNpbqS+eh
NGq6HcS8rPZHJsjIwLSSEl60eH7DplWJrRTG1p94oYM9UbWywWguTC+xNNsDHG/A
mrkvRKx2pwA3UUzperOqcpGLCjEQs1u9DT9scwRnXIn1zGOT5bAnGki7iLucBJHq
KfglkCF6uEdY90tmEPq7nVTCnqpKvA5Sio1aLyseitP/VOIHdjkIexoqJk3Hb8kN
xyZvvKgDzc/c1zVjdheBu3TYRCAPodRHPne4glJXPRS72CZOrVLaMamNZAx6Ad7/
fr0ah83krDg5bN86yMKcIgTzN69nt/hCtwUNNSAIo6PYKoGnsgxtAdnEra1UVkGw
pmV1oteniWzHD3MTtw3NOjbK2pFFkKZDFR3xBWOb4ZUvGTdtNSklc4Vq4n94aVjS
VAFhpUrJrnXpFi8I6SndEqZwBCAC4L5NH4gFqT0TbEBEPQDakgNRsH3S4KLmSt0o
My+XJD9Tu9fKjL/kvcGUFJ9/5xrxCILYBxE8BIsicfw+r11ezA==
=QfVh
-----END PGP MESSAGE-----

[spiano@localhost work]$ mv message.txt message.txt.bak


[spiano@localhost work]$ gpg --decrypt message.txt.asc

gpg: encrypted with 4096-bit RSA key, ID 4F6DFEEC, created 2019-03-06 "Test Key 2 <n@a2>" hello world 2


[spiano@localhost work]$ gpg --decrypt --fingerprint message.txt.asc

gpg: encrypted with 4096-bit RSA key, ID 4F6DFEEC, created 2019-03-06 "Test Key 2 <n@a2>" hello world 2


[spiano@localhost work]$ gpg --decrypt --status-fd 1 message.txt.asc

[GNUPG:] ENC_TO 6EFB73E74F6DFEEC 1 0 [GNUPG:] GOOD_PASSPHRASE gpg: encrypted with 4096-bit RSA key, ID 4F6DFEEC, created 2019-03-06 "Test Key 2 <n@a2>" [GNUPG:] BEGIN_DECRYPTION [GNUPG:] PLAINTEXT 62 1551960343 message.txt [GNUPG:] PLAINTEXT_LENGTH 14 hello world 2 [GNUPG:] DECRYPTION_OKAY [GNUPG:] GOODMDC [GNUPG:] END_DECRYPTION


[spiano@localhost work]$ gpg --fingerprint --decrypt message.txt.asc

gpg: encrypted with 4096-bit RSA key, ID 4F6DFEEC, created 2019-03-06 "Test Key 2 <n@a2>" hello world 2


[spiano@localhost work]$ ls -1

foo.txt
foo.txt.asc
message.txt.asc
message.txt.bak
test_key_1.private.asc
test_key_1.public.asc




Good. Decryption successful.


Hm. Haven't found a way to see the key fingerprint in the output of the decryption.

The decryption command doesn't automatically produce an output file.

Let's see if the --output option, used with the decryption command, will produce a file containing only the message.


[spiano@localhost work]$ gpg --decrypt --output message.txt message.txt.asc

gpg: encrypted with 4096-bit RSA key, ID 4F6DFEEC, created 2019-03-06 "Test Key 2 <n@a2>"


[spiano@localhost work]$ ls -1

foo.txt
foo.txt.asc
message.txt
message.txt.asc
message.txt.bak
test_key_1.private.asc
test_key_1.public.asc

[spiano@localhost work]$ cat message.txt

hello world 2



Yup, it does.


[some reading about fingerprints and decryption occurs here]




Test Key 1 fingerprint without spaces:
22D2012D82FA14F44A3AC9BEE04C9329479D9006


Test Key 2 fingerprint without spaces:
BA9A077B050C3FC064597E7C98D3EFEDE4D7C711


[spiano@localhost work]$ gpg --decrypt --verbose message.txt.asc

gpg: armor header: Version: GnuPG v1.4.10 (GNU/Linux) gpg: public key is 4F6DFEEC gpg: using subkey 4F6DFEEC instead of primary key E4D7C711 gpg: using subkey 4F6DFEEC instead of primary key E4D7C711 gpg: encrypted with 4096-bit RSA key, ID 4F6DFEEC, created 2019-03-06 "Test Key 2 <n@a2>" gpg: AES256 encrypted data gpg: original file name='message.txt' hello world 2


[spiano@localhost work]$ gpg --decrypt --local-user BA9A077B050C3FC064597E7C98D3EFEDE4D7C711 message.txt.asc

gpg: encrypted with 4096-bit RSA key, ID 4F6DFEEC, created 2019-03-06 "Test Key 2 <n@a2>" hello world 2


[spiano@localhost work]$ gpg --decrypt --local-user 22D2012D82FA14F44A3AC9BEE04C9329479D9006 message.txt.asc

gpg: encrypted with 4096-bit RSA key, ID 4F6DFEEC, created 2019-03-06 "Test Key 2 <n@a2>" hello world 2




Notes:
- Specifying the
--local-user
to be Test Key 1 doesn't cause the decryption to fail. The --help message indicates that this option applies to both signing and decryption. The man page indicates that this option only applies to signing.
- The line
gpg: using subkey 4F6DFEEC instead of primary key E4D7C711
indicates that the message is actually encrypted to a subkey.


For comparison:

[spiano@localhost work]$ gpg --list-keys "Test Key 2"

pub 4096R/E4D7C711 2019-03-06 uid Test Key 2 <n@a2> sub 4096R/4F6DFEEC 2019-03-06


I see "4F6DFEEC" in the last line there.



From earlier:

[spiano@localhost work]$ gpg --no-default-keyring --keyring ./test_key_1.gpg --verify foo.txt.sig foo.txt

gpg: Signature made Wed 06 Mar 2019 06:31:41 PM GMT using RSA key ID 479D9006
gpg: Good signature from "Test Key 1 <n@a>"


[spiano@localhost ~]$ gpg --list-keys

/home/spiano/.gnupg/pubring.gpg ------------------------------- pub 4096R/479D9006 2019-03-04 uid Test Key 1 <n@a> sub 4096R/36BDD5FA 2019-03-04



I see that 479D9006 is the key ID of the the primary key, and that this primary key was used to make the signature.


So, I think that:
1) A GPG keypair contains a primary keypair and a subkeypair. The primary keypair is used for signing. The subkeypair is used for encryption. Other people's encrypted messages are encrypted to the public subkey. The private subkey is used to decrypt messages.





[spiano@localhost work]$ gpg --decrypt --debug message.txt.asc

gpg: reading options from `/home/spiano/.gnupg/gpg.conf'

[program hangs. eventually I interrupted it by pressing ctrl-C.]

[spiano@localhost work]$ gpg --decrypt --debug --verbose message.txt.asc

gpg: reading options from `/home/spiano/.gnupg/gpg.conf' gpg: encrypted with 4096-bit RSA key, ID 4F6DFEEC, created 2019-03-06 "Test Key 2 <n@a2>" hello world 2


[spiano@localhost work]$ gpg --decrypt --list-packets message.txt.asc

gpg: conflicting commands

[spiano@localhost work]$ gpg --list-packets message.txt.asc

:pubkey enc packet: version 3, algo 1, keyid 6EFB73E74F6DFEEC data: [4095 bits] :encrypted data packet: length: 84 mdc_method: 2 gpg: encrypted with 4096-bit RSA key, ID 4F6DFEEC, created 2019-03-06 "Test Key 2 <n@a2>" :compressed packet: algo=2 :literal data packet: mode b (62), created 1551960343, name="message.txt", raw data: 14 bytes





Well, that seems to be the best result I can get at the moment. The command
gpg --list-packets message.txt.asc
will show the long key ID (but not the fingerprint). Note that this is the long key ID of the public subkey.




Now let's test that I can encrypt a message to a key, specifying the key by fingerprint.



[spiano@localhost work]$ ls -1

foo.txt
foo.txt.asc
message.txt
message.txt.asc
message.txt.bak
test_key_1.private.asc
test_key_1.public.asc

[spiano@localhost work]$ echo "hello world 3" > message2.txt


[spiano@localhost work]$ cat message2.txt

hello world 3

[spiano@localhost work]$ gpg --encrypt --recipient BA9A077B050C3FC064597E7C98D3EFEDE4D7C711 --armor message2.txt


[spiano@localhost work]$ ls -1

foo.txt
foo.txt.asc
message2.txt
message2.txt.asc
message.txt
message.txt.asc
message.txt.bak
test_key_1.private.asc
test_key_1.public.asc

[spiano@localhost work]$ cat message2.txt.asc

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.10 (GNU/Linux)

hQIMA277c+dPbf7sARAAt9885gI2ua2YNQgJI144sUPCjbC1rP/NAOrPxw6poLGN
AktNk1y0QbYQa8CYZOXGwsDGWUCGLR6ZLx/VzurGWkuVcowdVEACyCZ4JzkHiAv9
gVKsw7+pm45UKq+O59uUPwqxYFHJOky8G9HjCpRnigIdbDtID8nf+CeuJZUIQhgv
82yLdq8phDb+mIHOQkBMaV7wzK9bKVrkSaS9osIqbI4P4QyCpBqdF/QKifVqiONF
gfdjzQlT9k+jvGGwqMRE4UVgr2KY/Qbipj0QEHQMGQIc+yMbsCfxHQGxKBIZSCut
QetVDXEy5K4930ViMV/rYlrIJgq+S0n0ChhLPQcMZqNI6a58VZvEOXLzdsk0EjQp
OR56U4EmEH3d+yh0AyOYrr6cwpqBiRvun8DTQxpVx31F+ZXHXPZILV7LjBqhdZkB
FfACDP4ANJla8yMjI9+xG3TztlyhvFWZyKUea1eDdGfYE8uvxlHWmWOcqo2VL8Eu
hd4xrwUNm/X8qZ1jq6B+QQ9Mp2XyoNFI0pqlqKf//2zk+01G3VUmRnG4O/6Ihl8Z
UpAM4LxzaxICpPcnhEQmHGbhjg08s0j2+z9lRKWGtsGOt5Bk1WStK1WjQo9V5bzF
bQKDcg7AQWoSKptyK7rZPjMCA5Rzwl2IRIOfIyewTb0XgDzRya2hUIwQt+wY7ebS
VQGhmjVBfISBMDACrWpcZsRdkaUf+Azi1yq1rFWrPuvWYwJW7mPh/0uuJ1LjFeNZ
Dv6CIq3qzSk0Po3u9WjqC4t1WP9SlHCVPh5bf9ghmt/yDMuPEzo=
=RR4B
-----END PGP MESSAGE-----

[spiano@localhost work]$ mv message2.txt message2.txt.bak


[spiano@localhost work]$ ls -1

foo.txt
foo.txt.asc
message2.txt.asc
message2.txt.bak
message.txt
message.txt.asc
message.txt.bak
test_key_1.private.asc
test_key_1.public.asc

[spiano@localhost work]$ gpg --list-packets message2.txt.asc

:pubkey enc packet: version 3, algo 1, keyid 6EFB73E74F6DFEEC data: [4096 bits] :encrypted data packet: length: 85 mdc_method: 2 gpg: encrypted with 4096-bit RSA key, ID 4F6DFEEC, created 2019-03-06 "Test Key 2 <n@a2>" :compressed packet: algo=2 :literal data packet: mode b (62), created 1551962697, name="message2.txt", raw data: 14 bytes


[spiano@localhost work]$ gpg --decrypt message2.txt.asc

gpg: encrypted with 4096-bit RSA key, ID 4F6DFEEC, created 2019-03-06 "Test Key 2 <n@a2>" hello world 3


[spiano@localhost work]$ ls -1

foo.txt
foo.txt.asc
message2.txt.asc
message2.txt.bak
message.txt
message.txt.asc
message.txt.bak
test_key_1.private.asc
test_key_1.public.asc

[spiano@localhost work]$ gpg --decrypt --output message2.txt message2.txt.asc

gpg: encrypted with 4096-bit RSA key, ID 4F6DFEEC, created 2019-03-06 "Test Key 2 <n@a2>"


[spiano@localhost work]$ ls -1

foo.txt
foo.txt.asc
message2.txt
message2.txt.asc
message2.txt.bak
message.txt
message.txt.asc
message.txt.bak
test_key_1.private.asc
test_key_1.public.asc

[spiano@localhost work]$ cat message2.txt

hello world 3





Only one problem left. Need to be able to specific a particular key to use when signing. The man page indicates that the default key is the first key found in the secret keyring, and that the --local-user option can be used to specify a key. Will --local-user work, and if so, will it work with a fingerprint?




[spiano@localhost work]$ rm message* test*


[spiano@localhost work]$ rm foo.txt.asc


[spiano@localhost work]$ ls -1

foo.txt

[spiano@localhost work]$ cat foo.txt

hello world

[spiano@localhost work]$ gpg --list-secret-keys --fingerprint

/home/spiano/.gnupg/secring.gpg ------------------------------- sec 4096R/E4D7C711 2019-03-06 Key fingerprint = BA9A 077B 050C 3FC0 6459 7E7C 98D3 EFED E4D7 C711 uid Test Key 2 <n@a2> ssb 4096R/4F6DFEEC 2019-03-06 sec 4096R/479D9006 2019-03-04 Key fingerprint = 22D2 012D 82FA 14F4 4A3A C9BE E04C 9329 479D 9006 uid Test Key 1 <n@a> ssb 4096R/36BDD5FA 2019-03-04



After exporting, deleting, and importing Test Key 1, it is now in second place in the secret keyring.



So: I'll specify that Test Key 1 should be used in the signing operation.


[spiano@localhost work]$ gpg --detach-sign --armor --local-user "Test Key 1" foo.txt


[spiano@localhost work]$ ls -1

foo.txt
foo.txt.asc

[spiano@localhost work]$ cat foo.txt.asc

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIcBAABAgAGBQJcgRWrAAoJEOBMkylHnZAGKxAP/1GZg4+3ch1NAeI2r/uJ9rhT
SQLZCjBCVd4nOFHEAzRBzMP35g94QI2bxlOBQkj/YtPah70Di3+9RNTXIOPSr7gj
LbkucObN8xcosd1ClgN6ukva146BCKJaAC7YnAY0wei1xxS7D7rRLw7SJjAKjYiE
oa2fVB08S7e7UjT+0QflqC3y9SE0c2DCEwi0+hYvBHcUp7mS3jjPsibZI+ubFzBG
VSEDrs7KAtDQy1Ya6aE8rSMBJJqGJXY9FacmX4JZkVWRscShB3A3YarxKN23lBI0
sQ5pFo6SiTkFiq34yEz/+ZGspVeiNcj7cQ/f+YGFBR7ZLMLZzqVASmInXWK8kCr1
rya9evlEKGXxULpsGNB6H9D18DhRi4bzU5y080Pb2h/pLPzo4Li2K2MabcUHIuo5
2cJRDqc/183yWxAEZIUEWfecZEbcyUc1yJdA/P7IGma/YB7eHLS9c1N/Jku7CxnU
YGQTaL/rptqq6CWnfOTTB3AFvH02B+VHEUK655c4yMJBgd7xF0o0qimnWS0shEd2
zy+zsiSxDRcMdDQDIQbeH/dJKnZBfODrTAaCgQw3Qu7FklHcsvfsogiojUa2L7ed
oo960jeqTj8Pziu8E1M90GxgcNEWqQuvYNVFfPYcYXnarfOYsxhmmbZIZ9diQbdy
uWj83YB6o9NtgDTyEmH7
=lT2b
-----END PGP SIGNATURE-----

[spiano@localhost work]$ gpg --verify foo.txt.asc

gpg: Signature made Thu 07 Mar 2019 12:59:23 PM GMT using RSA key ID 479D9006 gpg: Good signature from "Test Key 1 <n@a>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 22D2 012D 82FA 14F4 4A3A C9BE E04C 9329 479D 9006


[spiano@localhost work]$ gpg --verify --status-fd 1 foo.txt.asc

gpg: Signature made Thu 07 Mar 2019 12:59:23 PM GMT using RSA key ID 479D9006 [GNUPG:] SIG_ID 2y1gNDe4vfd+U2ZNylv1foWsORk 2019-03-07 1551963563 [GNUPG:] GOODSIG E04C9329479D9006 Test Key 1 <n@a> gpg: Good signature from "Test Key 1 <n@a>" [GNUPG:] VALIDSIG 22D2012D82FA14F44A3AC9BEE04C9329479D9006 2019-03-07 1551963563 0 4 0 1 2 00 22D2012D82FA14F44A3AC9BEE04C9329479D9006 [GNUPG:] TRUST_UNDEFINED gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 22D2 012D 82FA 14F4 4A3A C9BE E04C 9329 479D 9006



Yup, --local-user works.



Let's test the result against fingerprints.


Test Key 1 fingerprint without spaces:
22D2012D82FA14F44A3AC9BEE04C9329479D9006


Test Key 2 fingerprint without spaces:
BA9A077B050C3FC064597E7C98D3EFEDE4D7C711



[using Test Key 1 fingerprint]
[spiano@localhost work]$ gpg --verify --status-fd 1 foo.txt.asc 2>&1 | grep 22D2012D82FA14F44A3AC9BEE04C9329479D9006 | wc -l

1

[using Test Key 2 fingerprint]
[spiano@localhost work]$ gpg --verify --status-fd 1 foo.txt.asc 2>&1 | grep BA9A077B050C3FC064597E7C98D3EFEDE4D7C711 | wc -l

0



Excellent.





Next: Test that Test Key 1 can be specified by fingerprint when signing.





[spiano@localhost work]$ ls -1

foo.txt
foo.txt.asc

[spiano@localhost work]$ rm foo.txt.asc


[spiano@localhost work]$ ls -1

foo.txt

[spiano@localhost work]$ gpg --detach-sign --armor --local-user 22D2012D82FA14F44A3AC9BEE04C9329479D9006 foo.txt


[spiano@localhost work]$ ls -1

foo.txt
foo.txt.asc

[spiano@localhost work]$ cat foo.txt.asc

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIcBAABAgAGBQJcgRfkAAoJEOBMkylHnZAG7d0P/RYaOe0xQedfiqvvVbz/tMP+
bq+qE0PIYadxT9kDkPMlZ4vbSSrlsmhCeFRgvwMOeSgeiU06prNS6FCFl622iNV+
NEfM/N/YWczY/KdN+T1uPJJWf4NCW1aHfKZxpNEQyJNmiORwohjG+i/mQrT1EZp3
/QpS9hV8iCbtkjGl3YEZJR6WSY5WmAEuFNVJmVhpz5OYppOzDqEukDN+cFzhB/NX
57mIt8PiJbgH5zB8B/GVSOQHNw0r2Q+mjJlNycyVTKESwJ1INiRV+PNZRkvF4zpG
wbvgf4CrPqTLagvS6n5tULivnmlr1PGZllDZRZHJKYnW6yboSJIkhFLL4S+G0OZ3
mETWQwM/9BpsycaIvyPMb/dfPO/EGhO8zBHb042dHrO76rxg+IOeNl0k5UvspqJN
rUYxeFnT5uypjtq5alEXHFG0is7J8hyzGPbzPF3Oj6VDyOtU58brvz/WSebbQyh7
0JChm33Aa/ewUHKzAYbneGJARIimsD9Y2xiGEYV7YjiQk6JQnYN25v0fv3MMzm0V
1KDJfLObwkdQIgF15zR4jlpxsaFmGlhTuFn5VqeyGoQ1tnZbPySa3FH9O3TMpx7L
g/0yCBMWOMkHOvlmlQnRHugJaJZbQe5SztWlKhGsXIHPNgVFAKxKuAvjYTOyaXBM
apHkx1p9SLubwCNS8FUu
=StJ8
-----END PGP SIGNATURE-----

[spiano@localhost work]$ gpg --verify foo.txt.asc

gpg: Signature made Thu 07 Mar 2019 01:08:52 PM GMT using RSA key ID 479D9006 gpg: Good signature from "Test Key 1 <n@a>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 22D2 012D 82FA 14F4 4A3A C9BE E04C 9329 479D 9006


[spiano@localhost work]$ gpg --verify --status-fd 1 foo.txt.asc

gpg: Signature made Thu 07 Mar 2019 01:08:52 PM GMT using RSA key ID 479D9006 [GNUPG:] SIG_ID fkhjL6K7zXgc5CkRNj2UVX+DE6I 2019-03-07 1551964132 [GNUPG:] GOODSIG E04C9329479D9006 Test Key 1 <n@a> gpg: Good signature from "Test Key 1 <n@a>" [GNUPG:] VALIDSIG 22D2012D82FA14F44A3AC9BEE04C9329479D9006 2019-03-07 1551964132 0 4 0 1 2 00 22D2012D82FA14F44A3AC9BEE04C9329479D9006 [GNUPG:] TRUST_UNDEFINED gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 22D2 012D 82FA 14F4 4A3A C9BE E04C 9329 479D 9006


[test against Test Key 1 fingerprint]
[spiano@localhost work]$ gpg --verify --status-fd 1 foo.txt.asc 2>&1 | grep 22D2012D82FA14F44A3AC9BEE04C9329479D9006 | wc -l

1

[test against Test Key 2 fingerprint]
[spiano@localhost work]$ gpg --verify --status-fd 1 foo.txt.asc 2>&1 | grep BA9A077B050C3FC064597E7C98D3EFEDE4D7C711 | wc -l

0




Good.





I'll also test that I can specify Test Key 2 for signing.




[spiano@localhost work]$ ls -1

foo.txt
foo.txt.asc

[spiano@localhost work]$ rm foo.txt.asc


[spiano@localhost work]$ ls -1

foo.txt

[spiano@localhost work]$ gpg --detach-sign --armor --local-user BA9A077B050C3FC064597E7C98D3EFEDE4D7C711 foo.txt


[spiano@localhost work]$ ls -1

foo.txt
foo.txt.asc

[spiano@localhost work]$ cat foo.txt.asc

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIcBAABAgAGBQJcgRhqAAoJEJjT7+3k18cR0FIQAJbOhNiY78cdkNqYaGTjyE01
aL1VVYjEC4JgsXPPn4WPi6jVv2gEYodhGaDxSIv/KOQlPrnqj7cdFjhPlg1xwFme
WT9vxXuwFb1+iVDJR+2LcH/P+pabCnTjp2QGh4+dus0FdKqDvcZ4XVVIEqytp7aD
Mz29gAxoxgy4dl9NUidHK3j3H7mUh92e8CTBJIyUgYN62t+mHq+y6DgJ5aRe2etA
Dt3/LeW1+pj4Hmg61OcOe3WRZ/UqebrvaUM+o63DWpdxolNQlgrM17uWxg9+FPgh
acOhq9g2nANl7ZFaeSQ43EitBVAbuIxmAJ0p9jjVIJCZHC4W6PhHPkW8zBHIvKaJ
TmgizHYZN6VlcnNdnfn0oacRDxCZbeqoSirK2a8v/KpUvJVs+KoigIBUf/i1I+98
Xn+PbBn6msuavG/S7rA95WYZMWXy0ZoUCcjEN+2TW4D/FKGZPPXqUJ2pf0GIq5fw
fMQcJVoBw8NnZbCh0VgDy5N8Gr7rfrmalkrTuZhOYEW77rPOQVtWLiIQ6dcS80wz
aAqstMz2VAFwWdNpynT5QvD/tBroztEp/YSepaLXJR66fxwWKOaOZdKGyS5flhzm
J0Wwe4YTVjAVrtnWEkhp9tVFIgBG0gmePfBpFyHwHCso9/1u0dhF9KZ+fKMqMZB0
SeO8M+xeSvzm1/BGdPmn
=rve+
-----END PGP SIGNATURE-----

[spiano@localhost work]$ gpg --verify foo.txt.asc

gpg: Signature made Thu 07 Mar 2019 01:11:06 PM GMT using RSA key ID E4D7C711 gpg: Good signature from "Test Key 2 <n@a2>"


[spiano@localhost work]$ gpg --verify --status-fd 1 foo.txt.asc

gpg: Signature made Thu 07 Mar 2019 01:11:06 PM GMT using RSA key ID E4D7C711 [GNUPG:] SIG_ID VDKH9CaoS/edLrLKn7o7MOH8Ndg 2019-03-07 1551964266 [GNUPG:] GOODSIG 98D3EFEDE4D7C711 Test Key 2 <n@a2> gpg: Good signature from "Test Key 2 <n@a2>" [GNUPG:] VALIDSIG BA9A077B050C3FC064597E7C98D3EFEDE4D7C711 2019-03-07 1551964266 0 4 0 1 2 00 BA9A077B050C3FC064597E7C98D3EFEDE4D7C711 [GNUPG:] TRUST_ULTIMATE


[test against Test Key 1 fingerprint]
[spiano@localhost work]$ gpg --verify --status-fd 1 foo.txt.asc 2>&1 | grep 22D2012D82FA14F44A3AC9BEE04C9329479D9006 | wc -l

0

[test against Test Key 2 fingerprint]
[spiano@localhost work]$ gpg --verify --status-fd 1 foo.txt.asc 2>&1 | grep BA9A077B050C3FC064597E7C98D3EFEDE4D7C711 | wc -l

1

[spiano@localhost work]$ gpg --list-packets foo.txt.asc

:signature packet: algo 1, keyid 98D3EFEDE4D7C711 version 4, created 1551964266, md5len 0, sigclass 0x00 digest algo 2, begin of digest d0 52 hashed subpkt 2 len 4 (sig created 2019-03-07) subpkt 16 len 8 (issuer key ID 98D3EFEDE4D7C711) data: [4096 bits]




Good.


I note that the signature file contains the long key ID, not the fingerprint.





Ah, there is one other problem.



From earlier in the log:

There's a particular combined operation I'm interested in:
- Is it possible for 1) a message to be encrypted to key A, and 2) the encrypted message to be signed by key B?
This would allow key B to send a secure message to key A, where A could be sure that it came from B, but B could plausibly deny (plausible to third parties) sending the message to A. A could not prove to other parties that B signed the message without revealing A's private key.
I know this operation is theoretically possible (all messages are byte strings), but is it possible using GPG 1.4.10?




Hm. Let's have a go. I'll encrypt a message to Test Key 2, specifying the key by fingerprint. Then I'll sign this encrypted file using Test Key 1, specifying the key by fingerprint, and producing a detached signature file.



[spiano@localhost work]$ ls -1

foo.txt
foo.txt.asc

[spiano@localhost work]$ rm foo.txt.asc


[spiano@localhost work]$ mv foo.txt message.txt


[spiano@localhost work]$ ls -1

message.txt

[spiano@localhost work]$ cat message.txt

hello world

[spiano@localhost work]$ gpg --encrypt --recipient BA9A077B050C3FC064597E7C98D3EFEDE4D7C711 --armor message.txt


[spiano@localhost work]$ ls -1

message.txt
message.txt.asc

[spiano@localhost work]$ cat message.txt.asc

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.10 (GNU/Linux)

hQIMA277c+dPbf7sAQ//R64Ql6UJKdeL3bHrmC6I6/nPmoBGTIR8ar3OpZ6lHAdg
TZ9vpW4HRTU8aUFFNzUAMG9tPlE4j0POfrXztXMv742jEToiPPV4wIrDnpWlqJ6+
lDunCkUvuHcg6BY/81ukmQ1ToH47M4q5s90UrK/MviAW+WxbDSVbnMIXMqf04rBo
FpAVdCcO8Uh0ndTzs9DVzFc9G6eJb0SwJMLndwXUkLHK7ftmlieC8ArjIy8qbKnH
9Ef4PIhid+DIToVG55LpNmrBc4FKbVkuaPf/8t0p0PGwlqYL8sPtyNQgQzxLqOFt
h3C8cbd3OT6i4710/U8VQYwyxbEa/kbCo99f3WgIF6Yy+QtjBVRDj1LBqhjWTeQP
O3vO0T7PfWCBnHm22ZaG4qQSh2y4+5U8W9VJI1SSuCvj99vIB1IwgX2EI5Jv/tvY
vJx9VBntrvTaVjnnBOJtBjjwvcQHF9ieWAOKQOP5i8JrHXh2yJqTeWQgWMgB9KkK
pZW6YExYDXD9tcpXg50xXqqJ92LR0lGRJOtguZ5ZsG5/5kznc6FAbmM2KfkOS7yr
n3y01lBqBxzp3Cn7bHgrQTa0V4LWmSsiDjxTKWyzw9xKBpsfcrshlRQk1EvN1/xw
GKFq83zyqXVoH2NSsgz2787sOL+QmgHAZ+qgeIUTbTi0SD9bXu+kseYQizNZk0PS
UgFzhnCDJMX1ROa9O2UBOOQ/Mc/utW+x65tykBW8vkCaKLEhaX6rzYMHigrRXQC3
b1Exhrqfvso0MW8bM9jrvH3RrU6uAoAFD7GWmiVMQVr5j+c=
=37c6
-----END PGP MESSAGE-----

[spiano@localhost work]$ gpg --decrypt message.txt.asc

gpg: encrypted with 4096-bit RSA key, ID 4F6DFEEC, created 2019-03-06 "Test Key 2 <n@a2>" hello world


[spiano@localhost work]$ gpg --detach-sign --armor --local-user 22D2012D82FA14F44A3AC9BEE04C9329479D9006 message.txt.asc


[spiano@localhost work]$ ls -1

message.txt
message.txt.asc
message.txt.asc.asc

[spiano@localhost work]$ cat message.txt.asc.asc

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIcBAABAgAGBQJcgXI3AAoJEOBMkylHnZAGCX0P/1jkowWLbHmPlNODVyAtCWEz
6VnlMaxeK4eh2RYUnwHtAhgsl9WDZuO1HQhZ/T8Er0LVVx9BsfxHPB8ea4DaMDjf
sQIuIlV3VtD9VNV6EKWv0fgWBqAkSbAn8i4/fkR9zkD3wixCwHWROMeFJ/8B8/wl
QLKT66vr05lqO9VAaOw23EEaFl0u7hBap4q4dkdsj4/E2TllRNP95SeYMb3YNCyv
Th6w3cdqFGXaDXk+JetPrAJ0avg0ekOPNMYZmoR7y3+KyN6b8xqNNSrS/K+sLa8q
4jzXXWbkV2WGEzDLbrL3sZlmnNKWFb1uNyS2H8WH1a0sQU0NvTjGHiVa5LnsbjQG
JlIWeTXm8z5SgefKJipvo68ec9OII3O/mRr9EOYgMwJzcF3W4xjpnzxj491R6iRq
bbMPy48NlSHXlZ8P3Yw6iJ+tZC9yI2mctSklv5VdR2zwDzfkuoqdb6buz0dXK95z
drHZq8AylUsUwV4gdbzcjoaFhIsrOhsN0lNdoOxQFu8jk5gTaASccS4hGXrL3ygJ
CZCa9vkjMuFZDh4JarMDoCpniuROP9UxDc+qo6L/yBOqlM7bGa9eErq9XPejJ/t9
TBwPTqFbTo5J7d3NhN3dKXRzjoyq4TGbogT/+67BpeFQr4pG4lyj5DSJ0/OXoPn5
Xr2R+W1ghUnqZU74W/5M
=nXMi
-----END PGP SIGNATURE-----

[spiano@localhost work]$ gpg --status-fd 1 --verify message.txt.asc.asc message.txt.asc

gpg: Signature made Thu 07 Mar 2019 07:34:15 PM GMT using RSA key ID 479D9006 [GNUPG:] SIG_ID JrK3OaIyD6Zl5rh2gKYW5SLa+xs 2019-03-07 1551987255 [GNUPG:] GOODSIG E04C9329479D9006 Test Key 1 <n@a> gpg: Good signature from "Test Key 1 <n@a>" [GNUPG:] VALIDSIG 22D2012D82FA14F44A3AC9BEE04C9329479D9006 2019-03-07 1551987255 0 4 0 1 2 00 22D2012D82FA14F44A3AC9BEE04C9329479D9006 [GNUPG:] TRUST_UNDEFINED gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 22D2 012D 82FA 14F4 4A3A C9BE E04C 9329 479D 9006


[using Test Key 1 fingerprint]
[spiano@localhost work]$ gpg --status-fd 1 --verify message.txt.asc.asc message.txt.asc 2>&1 | grep 22D2012D82FA14F44A3AC9BEE04C9329479D9006 | wc -l

1

[using Test Key 2 fingerprint]
[spiano@localhost work]$ gpg --status-fd 1 --verify message.txt.asc.asc message.txt.asc 2>&1 | grep BA9A077B050C3FC064597E7C98D3EFEDE4D7C711 | wc -l

0

[spiano@localhost work]$ gpg --decrypt message.txt.asc

gpg: encrypted with 4096-bit RSA key, ID 4F6DFEEC, created 2019-03-06 "Test Key 2 <n@a2>" hello world





Excellent. It works. A (in this case Test Key 2) can receive a message from B (in this case Test Key 1) that is encrypted to A's public key. Additionally, the encrypted message is signed by B. A now knows that the message comes from B, but B has plausible deniability about his authorship, as long as A is unwilling to share his private key.


This could be useful for e.g. a chat channel, or rather a chat channel where attribution of chat statements to public keys is important.

Details:
- A sender can encrypt a chat message to all registered recipients in a channel. The sender signs the encrypted message, so all the recipients can be confident that secure transit has been achieved.
- However, the sender doesn't have to worry so much that absolutely everything he says might be held against him in the future.
-- Exception: One of the recipients is willing to burn his private key (or rather, this particular private key - he might have several), by publishing it along with a set of messages from the sender, in order to incriminate the sender in some way.


Alternative approach: Create a new key to be used for chat, delegate chat authority to it via a signed statement (which should clarify the more ephemeral nature of whatever is signed by this key - people should e.g. trust that your published articles carry greater weight than a chat line), and never type anything for which you aren't willing to take responsibility (this means not breaking the taboos or attacking the sacred cows of your culture unless you can defend yourself effectively from that culture via e.g. lawyers and/or bodyguards).





Clean up:



[spiano@localhost work]$ ls -1

message.txt
message.txt.asc
message.txt.asc.asc

[spiano@localhost work]$ rm message*


[spiano@localhost work]$ ls -1







That's the end of this project.















[start of notes]



Changes from the original text:
- I have not always preserved the format of any computer output (e.g. from running bash commands). Examples: Setting input lines in bold text, adding/removing newlines in order to make a sequence of commands easier to read, using hyphens for lists and sublists instead of indentation, breaking wide tables into consecutive sections.


[end of notes]