
How to get expiration date from a gpg key

Tags: gnupg

Below is an exported public gpg key generated by gpg --armor --export [email protected] (email taken from gpg man ;) )

How can I get the expiration date from that key? Is there an available open project or maybe a function that I can use for that?

I know that I can execute gpg --list-keys searching for [email protected] but my problem is that I get a key in the format below, and I need to pull this information in that data.

I have already read the username from it using reverse engineering based on the gpg RFC spec, but this time I would rather look for something better than a 'home made' approach.

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.7 (SunOS)
-----END PGP PUBLIC KEY BLOCK-----
Grzegorz asked Feb 21 '18 19:02


1 Answer

Looks like I can pipe it to gpg --list-packets and check (see EDIT at the end for a better solution):

  • "created" value (here it is 1519242075 -> Wed Feb 21 14:41:15 EST 2018)
  • or "sig created" (here it is 2018-02-21)
  • "key expires after" (here it is 1d0h0m)

Note - when a key does not expire, the "key expires after" field is not listed.

#> gpg -a --export "Heinrich Heine" | gpg --list-packets
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information
:public key packet:
        version 4, algo 17, created 1519242075, expires 0
        pkey[0]: [1024 bits]
        pkey[1]: [160 bits]
        pkey[2]: [1024 bits]
        pkey[3]: [1023 bits]
:user ID packet: "Heinrich Heine (test) <[email protected]>"
:signature packet: algo 17, keyid 2032DDD527667530
        version 4, created 1519242075, md5len 0, sigclass 0x13
        digest algo 2, begin of digest e8 15
        hashed subpkt 2 len 4 (sig created 2018-02-21)
        hashed subpkt 27 len 1 (key flags: 03)
        hashed subpkt 9 len 4 (key expires after 1d0h0m)
        hashed subpkt 11 len 5 (pref-sym-algos: 9 8 7 3 2)
        hashed subpkt 21 len 3 (pref-hash-algos: 2 8 3)
        hashed subpkt 22 len 2 (pref-zip-algos: 2 1)
        hashed subpkt 30 len 1 (features: 01)
        hashed subpkt 23 len 1 (key server preferences: 80)
        subpkt 16 len 8 (issuer key ID 2032DDD527667530)
        data: [159 bits]
        data: [156 bits]
:public sub key packet:
        version 4, algo 16, created 1519242075, expires 0
        pkey[0]: [2048 bits]
        pkey[1]: [3 bits]
        pkey[2]: [2048 bits]
:signature packet: algo 17, keyid 2032DDD527667530
        version 4, created 1519242075, md5len 0, sigclass 0x18
        digest algo 2, begin of digest 34 8c
        hashed subpkt 2 len 4 (sig created 2018-02-21)
        hashed subpkt 27 len 1 (key flags: 0C)
        hashed subpkt 9 len 4 (key expires after 1d0h0m)
        subpkt 16 len 8 (issuer key ID 2032DDD527667530)
        data: [159 bits]
        data: [160 bits]

There is even a "better" way to let gpg analyze expiration date. Just run:

gpg --with-colons file.pub

See this site for explanation of the output

https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob_plain;f=doc/DETAILS

EDIT: Use gpg --with-colon --fixed-list-mode to avoid 2038 year issue. See more: gpg --with-colon returns ????-??-?? as the expiration date. Linux Y2K issue?

Grzegorz answered Oct 30 '22 14:10
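Added example, not part of the original answer: a small Python parser for the colon listing that the answer recommends, reading the creation and expiration fields (fields 6 and 7 of pub/sub records, as described in doc/DETAILS) and treating an empty expiration field as "never expires". The sample listing is constructed: the key ID and creation time are taken from the packet dump above, while the subkey ID, the second key, the uid hash and the e-mail address are placeholders; the function names are this example's own.

```python
import subprocess
from datetime import datetime, timezone

# Constructed sample of `gpg --with-colons --fixed-list-mode` output.
# 1519328475 = created (1519242075) + 1 day, matching "key expires after 1d0h0m".
SAMPLE = """\
pub:e:1024:17:2032DDD527667530:1519242075:1519328475::-:::sc::::::
uid:e::::1519242075::0000000000000000000000000000000000000000::Heinrich Heine (test) <heine@example.org>:
sub:e:2048:16:AAAAAAAAAAAAAAAA:1519242075:1519328475:::::e::::::
pub:-:2048:1:BBBBBBBBBBBBBBBB:1519242075:::-:::scESC::::::
"""

def parse_date(field):
    """Colon-format date field -> aware UTC datetime, or None when empty."""
    if not field:
        return None  # empty expiration field: the key does not expire
    if "T" in field:  # ISO 8601 variant mentioned in doc/DETAILS
        return datetime.strptime(field, "%Y%m%dT%H%M%S").replace(tzinfo=timezone.utc)
    # Seconds since epoch; an aware datetime is not limited to the year 2038.
    return datetime.fromtimestamp(int(field), tz=timezone.utc)

def key_expirations(listing):
    """Return [(record_type, key_id, created, expires)] for pub/sub records."""
    result = []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] in ("pub", "sub") and len(f) > 6:
            result.append((f[0], f[4], parse_date(f[5]), parse_date(f[6])))
    return result

def list_key_file(path):
    """Run the command from the answer on an exported key file (needs gpg)."""
    out = subprocess.run(["gpg", "--with-colons", "--fixed-list-mode", path],
                         check=True, capture_output=True, text=True).stdout
    return key_expirations(out)

if __name__ == "__main__":
    for rtype, keyid, created, expires in key_expirations(SAMPLE):
        print(rtype, keyid, expires.isoformat() if expires else "never expires")
```

The second field of each record (validity, `e` for expired in the sample) is gpg's own verdict and can be checked alongside the computed date.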