How can I display actual public/private key of key pair I just generated with gpg?

Question

I just created a key-pair locally on my linux machine with the gpg command:

gpg --gen-key 

Then I tried to display the information about my key-pair with the gpg command:

 gpg --list-keys

The long alpha-numeric number outputed by the above command is (from what I understand from reading the doc), the fingerprint of the public key of the pair, which is the result of applying a hash function on the public key.

1. Is this correct?

2. How can I see the actual public and private keys of the pair I generated? I know this isn't directly useful for encrypting or signing, I'm just curious to see what they look like

Thanks

Answer 1

To see the actual keys, use the "export" commands (--export and --export-secret-keys). You can specify which key to output by passing it the fingerprint of the key, you want to see.

Let's say you have a key with the fingerprint FINGERPRINT. Then you would export the public key to stdout via

gpg --armor --export FINGERPRINT

The option --armor (or -a) is needed to enable ASCII-armored output, so you get readable text in your shell. Without --armor gpg defaults to its binary PGP format, which is not for humans to read (thanks LyrePyre for pointing this out). You may also export the key to a file via the output option. Look at the man page section 'Input and Output' under 'Options' (man gpg) to see all the output options.

So if you want to export to let's say your home directory into a file MyPubKey.txt you can use this command:

gpg --output ~/MyPubKey.txt --armor --export FINGERPRINT

The same is valid for your private key, you just have to use --export-secret-key instead of --export. But keep in mind, that this poses a possible security risk. If you export your private key to an insecure (non-encrypted, accessible) storage device (a thumb stick for instance), your private key may well be retrievable, even if you have deleted it!