How do I look inside apt/trusted.gpg?
$ apt-key list
From the docs on secure apt:
apt-key is a program that is used to manage a keyring of gpg keys for secure apt. The keyring is kept in the file /etc/apt/trusted.gpg (not to be confused with the related but not very interesting /etc/apt/trustdb.gpg). apt-key can be used to show the keys in the keyring, and to add or remove a key.
I came across this question while I too was trying to figure out how to get information on a public key file using GnuPG. In addition to the commands Darren tried, I also tried --fingerprint
but got the same gpg: error reading key: public key not found
error message.
After discovering the answer, I thought I’d complement Andrew's answer with a more general way of printing information about any public key file:
$ gpg --with-fingerprint /etc/apt/trusted.gpg
pub 1024D/437D05B5 2004-09-12 Ubuntu Archive Automatic Signing Key <[email protected]>
Key fingerprint = 6302 39CC 130E 1A7F D81A 27B1 4097 6EAF 437D 05B5
sub 2048g/79164387 2004-09-12
pub 4096R/C0B21F32 2012-05-11 Ubuntu Archive Automatic Signing Key (2012) <[email protected]>
Key fingerprint = 790B C727 7767 219C 42C8 6F93 3B4F E6AC C0B2 1F32
pub 4096R/EFE21092 2012-05-11 Ubuntu CD Image Automatic Signing Key (2012) <[email protected]>
Key fingerprint = 8439 38DF 228D 22F7 B374 2BC0 D94A A3F0 EFE2 1092
pub 1024D/FBB75451 2004-12-30 Ubuntu CD Image Automatic Signing Key <[email protected]>
Key fingerprint = C598 6B4F 1257 FFA8 6632 CBA7 4618 1433 FBB7 5451
As can be seen, the above lists the same information as the output of apt-key list
– though the formatting of apt-key
is much more readable.
The gpg
man page only states that the --with-fingerprint
option should be the “Same as the command --fingerprint
” but (with GnuPG 1.4.20), it also lists fingerprints when a filename is supplied instead of a key ID. As the above example shows, this option can also be used to print the fingerprints of a public ring containing multiple keys.