Verifying Keys
7 Key Listings
80
Commands
The key listing commands are described in the following sections.
--fingerprint
Lists the fingerprints of keys on your keyring that match the supplied criteria. If you run the command with no user or key ID information, all key fingerprints will be displayed. If you enter any user or key ID information, only key fingerprints that match will be displayed.
The usage format is:
pgp --fingerprint [<user1> ...] [--biometric]
[--verbose]
Where:
<user1> is the user ID, portion of a user ID, or the key ID of a key on your keyring. If you don’t supply a user ID, all fingerprints will be listed.
--biometric displays biometric words instead of hexadecimal numbers.
--verbose shows the key IDs under the primary user ID for each fingerprint.
Examples:
pgp --fingerprint Alice
Displays the fingerprint in hexadecimal of any keys on the keyring that match "Alice" using the format:
Alice Cameron <[email protected]>
896A 4A96 9C3A 3BEC C87C EA8B 2CDB B87B 2CEB 53CC pgp --fingerprint 0x12345678 --biometric
Displays the fingerprint in biometric words of the key with the specified key ID using the format:
Alice Cameron <[email protected]>
aimless photograph goldfish yesteryear beeswax corporate crackdown millionaire indoors upcoming choking sardonic reward underfoot eyeglass amulet sawdust holiness glitter therapist 1 key found
81
--fingerprint-details
Lists the fingerprints and subkeys of keys on your keyring that match the supplied criteria. If you run the command with no user or key ID information, all key fingerprints will be displayed. If you enter any user or key ID information, only key fingerprints that match will be displayed.
Subkey fingerprints are displayed if found on the specified key. Hash names are the same as listed in the detailed key list mode.
Fingerprints are shown with one of the following prefixes:
Key Fingerprint indicates that the following fingerprint is for a master key.
Subkey Fingerprint indicates that the following fingerprint is for a subkey.
X.509 <alg> Thumbprint indicates that the following thumbprint is for an X.509 certificate, where <alg> is replaced by the hash algorithm used to create the thumbprint.
The usage format is:
pgp --fingerprint-details [<user1> ...] [--biometric]
Where:
<user1> is the user ID, portion of a user ID, or the key ID of a key on your keyring. If you do not supply a user ID, all fingerprints and subkeys will be listed.
--biometric displays biometric words instead of hexadecimal numbers.
Examples:
1 pgp --fingerprint-details Alice
Displays the fingerprint in hexadecimal of any keys on the keyring that match "Alice" using the format:
Alice Cameron <[email protected]>
Key Fingerprint: 0x6D2A476D (0x7B72AAE06D2A476D) D2E0 23B2 53D0 49C9 6812 31AC 7B72 AAE0 6D2A 476D Subkey Fingerprint: 0xB86FF2CF (0x0787EE48B86FF2CF) DAB6 570B 9411 197D 5DDF A9B2 0787 EE48 B86F F2CF
2 pgp --fingerprint-details 0xF88C6910 --biometric
Displays the key and subkey fingerprints in biometric words of the key with the specified key ID using the format:
Alice Cameron <[email protected]>
Key Fingerprint: 0x6D2A476D (0x7B72AAE06D2A476D) crucial performance ragtime adviser
82
robust molasses stairway sardonic beehive quantity spindle gravity reform monument artist supportive Vulcan megaton gazelle autopsy Subkey Fingerprint: 0xB86FF2CF (0x0787EE48B86FF2CF) chatter decimal snowcap caravan breadline caravan pupil decimal beeswax Wilmington tunnel nebula bombast outfielder endorse Jupiter preclude Eskimo drainage sandalwood
--list-key-details
Lists the keys on a keyring in detailed output mode. If you run the command with no user or key ID information, all keys on the keyring will be displayed. If you enter any user or key ID information, only keys that match will be displayed.
The usage format is:
pgp --list-key-details [<user1> ...]
Where:
<user1> is the user ID, portion of a user ID, or the key ID of a key on your keyring.
Example:
pgp --list-key-details Alice
Lists all of the keys on your keyrings using the format:
Key Details: Alice Cameron <[email protected]>
Key ID: 0xB2726BDF (0xAAEB5E06B2726BDF) Type: RSA (v4) key
Size: 2048 Validity: Complete
Trust: Implicit (Axiomatic) Created: 2003-04-22
Expires: Never Status: Active Cipher: AES-192 Cipher: AES-128 Cipher: CAST5
83 Cipher: TripleDES Cipher: Twofish-256 Hash: SHA
Compress: Zip (Default) Photo: No
Revocable: No Token: No
Keyserver: keyserver.pgp.com Default: No
Prop Flags: Sign user IDs Prop Flags: Sign messages Ksrv Flags: None
Feat Flags: Modification detection Notations: 01 0x80000000 [email protected]:pgp-mime
Subkey ID: 0x6F742FE6 (0x939BB8896F742FE6) Type: ElGamal
Size: 2048
Created: 2003-04-22 Expires: Never Status: Active Revocable: No
Prop Flags: Encrypt communications Prop Flags: Encrypt storage
ADK: None Revoker: None 1 key found
--list-keys (-l)
Lists the keys on a keyring in basic output mode. If you run the command with no user or key ID information, all keys on the keyring will be displayed. If you enter any user or key ID information, only keys that match will be displayed.
The usage format is:
pgp --list-keys [<user1> ...]
84 Where:
<user1> is the user ID, portion of a user ID, or the key ID of a key on your keyring.
Examples:
1 pgp --list-keys
Lists all of the keys on your keyrings using the format:
Alg Type Size/Type Flags Key ID User ID
--- ---- --- --- --- --- DSS pub 2048/1024 [---] 0xABCD1234 Alice C
1 key found
2 pgp -l Alice Bob Jill
Uses the short form of the command; displays any key on the keyring with
"Alice", "Bob", or "Jill" in the user ID.
3 pgp -l 0x12345678
Lists only the key with the specified key ID, if it is on the keyring.
--list-keys-xml
When you choose to list a key in XML format, PGP Command Line will display all information including all user IDs and signatures. If you run the command with no user or key ID information, all keys on the keyring will be displayed. If you enter any user or key ID information, only keys that match will be displayed.
To list keys in XML format, you may use either the command keys-xml, or a key list operation with the added option --keys-xml, such as --list-keys user1 --xml, or --list---list-keys --xml.
The usage format is:
pgp --list-keys-xml [<user1> …]
Where:
<user1> is the name of the specific local user whose keys you want to check.
Example:
pgp --list-keys-xml "Jose Medina"
Here is an abbreviated key list in XML format.
<?xml version="1.0"?>
<keyList>
<key>
....
85
<signature>
...
<subkey>
...
<adk>
...
<revoker>
</key>
</keyList>
--list-sig-details
Lists keys with their user IDs and signatures in detailed output mode.
The usage format is:
pgp --list-sig-details <user> [<user2> ...]
Where:
<user> is the user ID, portion of a user ID, or the key ID of a key on your keyring. You can list one or more users, with their names/IDs separated by a space. If you don’t specify a user, you will get an error message ("too many keys found").
Example:
pgp --list-sig-details Alice
Lists Alice’s key and shows details about her user IDs and signatures:
Signature Details: Alice Cameron <[email protected]>
Signed Key ID: 0xB2726BDF (0xAAEB5E06B2726BDF) Signed User ID: Alice Cameron <[email protected]>
Signer Key ID: 0xB2726BDF (0xAAEB5E06B2726BDF) Signer User ID: Alice Cameron <[email protected]>
Type: DSA signature Exportable: Yes
Status: Active Created: 2005-04-22 Expires: Never Trust Depth: 0 Domain: None 1 signature found
86
--list-sigs
Lists keys with their user IDs and signatures in basic output mode. If you run the command with no user or key ID information, all signatures on the keyring will be displayed. If you enter any user or key ID information, only signatures that match will be displayed.
The usage format is:
pgp --list-sigs [<user1> ...]
Where:
<user1> is the user ID, portion of a user ID, or the key ID of a key on the keyring.
Example:
pgp --list-sigs 0x12345678
Lists the user IDs and signatures on the key with the specified key ID, if it is on the keyring.
--list-userids
Lists keys and their user IDs in basic output mode. The command --list-users is the same as --list-userids.
The usage format is:
pgp --list-userids [<user1> ...]
Where:
<user1> is the user ID, portion of a user ID, or the key ID of a key on your keyring.
Examples:
1 pgp --list-userids
Lists all of the user IDs on the keys on your keyrings.
2 pgp --list-users
Same as the previous command, using the other form of the command.
3 pgp --list-userids Alice Bob Jill
Lists any key on the keyring with "Alice", "Bob", or "Jill" in the user ID.
87
Descriptions and Examples of Keyserver Commands
This chapter describes those commands that explain how PGP Command Line interacts with keyservers.
--keyserver-disable, which disables keys on a keyserver.
--keyserver-recv, which gets keys from a keyserver and imports them onto your keyring.
--keyserver-remove, which removes keys from a keyserver.
--keyserver-search, which searches a keyserver for keys but does not import them.
--keyserver-send, which sends keys to a keyserver.
--keyserver-update, which updates keys on a keyserver.
In This Chapter
Overview... 87 Commands... 88
Overview
PGP Command Line provides several commands that let you interact with keyservers. These commands help you post keys to a keyserver, import keys from a keyserver, and so on.
When using commands that require you to specify a keyserver, make sure to use the full URL to the keyserver such as ldap://keyserver.pgp.com, and not just keyserver.pgp.com.