Can I get a public key from PGP signature?

Yes. The format of the signature is defined in RFC 4880. If you decode the base-64 and interpret the data, you will find that the bytes from position 19 to 26 (inclusive) are the issuer ID in this case:

ID hex: E48184B5B05676B1

which matches the "Long key ID" behind your link. If you convert the ID to base 64, you can find it in the original signature data, because 18 bytes happen to divide evenly into 24 base 64 characters:

ID b64: 5IGEtbBWdrE=
Signature: iEYEARECAAYFAlHZCvgACgkQ5IGEtbBWdrF5HgCfc4xhT29ouAWdo1PMlyDKIfaq...
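The packet walk described above, as an added example that is not part of the original answers: rather than relying on the fixed byte offset, which holds only for this signature's subpacket layout, it parses the packet header and both subpacket areas as laid out in RFC 4880. The function names are made up for this example, the base64 body is the one quoted on this page, and only short length encodings are handled.

```python
import base64

# Signature body quoted on this page; the "=WPPL" CRC-24 line is armor, not packet data.
ARMORED_BODY = (
    "iEYEARECAAYFAlHZCvgACgkQ5IGEtbBWdrF5HgCfc4xhT29ouAWdo1PMlyDKIfaq"
    "pGoAoKig5sCXukrPPoKC1ZYB5CW7BzNL"
)

def packet_body(data):
    """Strip an RFC 4880 packet header and return (tag, body)."""
    first = data[0]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet")
    if first & 0x40:                       # new-format header
        if data[1] >= 192:
            raise ValueError("multi-octet new-format lengths not handled here")
        return first & 0x3F, data[2:2 + data[1]]
    size = 1 << (first & 0x03)             # old-format: 1, 2 or 4 length octets
    if size == 8:
        raise ValueError("indeterminate length not handled here")
    n = int.from_bytes(data[1:1 + size], "big")
    return (first >> 2) & 0x0F, data[1 + size:1 + size + n]

def subpackets(area):
    """Yield (type, data) for each subpacket with a one-octet length."""
    i = 0
    while i < len(area):
        n = area[i]                        # length counts the type octet
        if n == 0 or n >= 192 or i + 1 + n > len(area):
            raise ValueError("subpacket length not handled or malformed")
        yield area[i + 1] & 0x7F, area[i + 2:i + 1 + n]   # high bit is the critical flag
        i += 1 + n

def signature_info(armored_body):
    """Return class, algorithms, creation time and issuer key ID of a v4 signature."""
    tag, body = packet_body(base64.b64decode(armored_body))
    if tag != 2 or body[0] != 4:
        raise ValueError("expected a version 4 signature packet")
    info = {"sigclass": body[1], "pubkey_algo": body[2], "hash_algo": body[3]}
    hashed_end = 6 + int.from_bytes(body[4:6], "big")
    unhashed_end = hashed_end + 2 + int.from_bytes(body[hashed_end:hashed_end + 2], "big")
    for area in (body[6:hashed_end], body[hashed_end + 2:unhashed_end]):
        for kind, data in subpackets(area):
            if kind == 2:                  # signature creation time
                info["created"] = int.from_bytes(data, "big")
            elif kind == 16:               # issuer key ID
                info["issuer"] = data.hex().upper()
    return info
```

In this signature the issuer subpacket sits in the unhashed area, so the key ID is a lookup hint that the signature itself does not cover. The signature carries only that ID, not the key material, so the key still has to be fetched and checked separately.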

You can get all of this information from gpg if you add the -vv command-line switch. (This means extra verbose.) For example, the easiest way to get detailed information about an OpenPGP-formatted message is to simply type:

gpg -vv

And then paste the message into it (or pass a filename as an argument). For example, pasting in the message above gives you the following detailed and interesting information:

gpg: armor: BEGIN PGP SIGNED MESSAGE
gpg: armor header: Hash: SHA1
:packet 63: length 19 - gpg control packet
gpg: armor: BEGIN PGP SIGNATURE
gpg: armor header: Version: GnuPG v1.4.13 (GNU/Linux)
:literal data packet:
    mode t (74), created 0, name="",
    raw data: unknown length
gpg: original file name=''

I vote YES on this important measure.

Alan Eliasen
:signature packet: algo 17, keyid E48184B5B05676B1
    version 4, created 1373178616, md5len 0, sigclass 0x01
    digest algo 2, begin of digest 79 1e
    hashed subpkt 2 len 4 (sig created 2013-07-07)
    subpkt 16 len 8 (issuer key ID E48184B5B05676B1)
    data: [159 bits]
    data: [160 bits]
gpg: Signature made Sun 07 Jul 2013 12:30:16 AM MDT using DSA key ID B05676B1
gpg: using PGP trust model
gpg: key 92F88CF9: accepted as trusted key
gpg: key 6C77A726: accepted as trusted key
gpg: Good signature from "Alan Eliasen (http://futureboy.homeip.net/) <[email protected]>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 402C C0D3 D527 13E3 FB7C  7103 E481 84B5 B056 76B1
gpg: textmode signature, digest algorithm SHA1

In that output, you can see the 16-hex-digit key id clearly: E48184B5B05676B1

That will let you search for the signer in a keyserver using something like:

gpg --search-keys E48184B5B05676B1

By the way, I wrote the GPG guide that you reference, and I can assure you that I signed the above message. :)


Yep, I actually can. With GnuPG, for example:

gpg --verify file.txt

(with the above file)

writes, at the end

Primary key fingerprint: 402C C0D3 D527 13E3 FB7C 7103 E481 84B5 B056 76B1

OpenPGP.js works too.

openpgp.cleartext.readArmored(
    ['-----BEGIN PGP SIGNED MESSAGE-----',
     'Hash: SHA1',
     '',
     '',
     'I vote YES on this important measure.',
     '',
     'Alan Eliasen',
     '-----BEGIN PGP SIGNATURE-----',
     'Version: GnuPG v1.4.13 (GNU/Linux)',
     '',
     'iEYEARECAAYFAlHZCvgACgkQ5IGEtbBWdrF5HgCfc4xhT29ouAWdo1PMlyDKIfaq',
     'pGoAoKig5sCXukrPPoKC1ZYB5CW7BzNL',
     '=WPPL',
     '-----END PGP SIGNATURE-----'].join('\n')
).getSigningKeyIds()[0].toHex();

=>

"e48184b5b05676b1"
