I have the following GPG public key stored inside a file called publickey.pub and encoded in ASCII Armor (Radix-64):

Version: 2.6.3ia


If I type:

$ gpg --with-fingerprint publickey.pub

I get the fingerprint of the key:

Key fingerprint = 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5

Now, how does GPG do it? I mean, is there a command that I can run without using gpg and still get the same fingerprint? With SSH, for example, given a public key I can do the following:

$ cat ~/.ssh/id_rsa.pub | awk '{print $2}' | base64 -D | md5

And that will return the same hash as:

$ ssh-keygen -l -f ~/.ssh/id_rsa.pub

I know that the actual content of the public key should be:


Without the last =K7lL part, which refers to the CRC checksum encoded in Base64. But if I type:

$ echo -n "mQCNAzNko/QAAAEEANZ2kpN/oMkz4tqzxvKPZws/XwsD0Y+E5/y7P2DIw4uHS/4N
>     syQbgkdrZhPBlXDv68DQioHXWsb904qyr7iZB1LC5ItK9MgqlK+Z2mvPqsGbHM8J
>     +oYib8kf2zJ6HvrYrP7NYB0tN9YYum2ICtx+hIi6aKGXdB1ATA5erwYmu0N9AAUR
>     tClSYWxmIFMuIEVuZ2Vsc2NoYWxsIDxyc2VAZW5nZWxzY2hhbGwuY29tPokAlQMF
>     EDNko/QOXq8GJrtDfQEBKVoD/2K/+4pcwhxok+FkuLwC5Pnuh/1oeOYHiKYwx0Z3
>     p09RLvDtNldr6VD+aL9JltxdPTARzZ8M50UqoF9jMr25GifheFYhilww41OVZA3e
>     cLXlLgda1+t0vWs3Eg/i2b0arQQDaIq7PeRdjdEDgwnG4xBaqaAqfgxwOXJ+LPWF
>     hiXZ" | base64 -D | md5

I get the following output:


Which, as you can see, doesn't match 00 C9 21 8E...

Checking the RFC 4880 -> https://www.rfc-editor.org/rfc/rfc4880#section-12.2:

For a V3 key, the eight-octet Key ID consists of the low 64 bits of
the public modulus of the RSA key.

The fingerprint of a V3 key is formed by hashing the body (but not the two-octet length) of the MPIs that form the key material (public
modulus n, followed by exponent e) with MD5. Note that both V3 keys
and MD5 are deprecated.

A V4 fingerprint is the 160-bit SHA-1 hash of the octet 0x99,
followed by the two-octet packet length, followed by the entire
Public-Key packet starting with the version field. The Key ID is the low-order 64 bits of the fingerprint.

How does it translate to a command line command?

EDIT 1: I am trying to do that with pgpdump -i:

$ pgpdump -i publickey.pub
Old: Public Key Packet(tag 6)(141 bytes)
    Ver 3 - old
    Public key creation time - Mon Apr 28 17:19:48 MSD 1997
    Valid days - 0[0 is forever]
    Pub alg - RSA Encrypt or Sign(pub 1)
    RSA n(1024 bits) - d6 76 92 93 7f a0 c9 33 e2 da b3 c6 f2 8f 67 0b 3f 5f 0b 03 d1 8f 84 e7 fc bb 3f 60 c8 c3 8b 87 4b fe 0d b3 24 1b 82 47 6b 66 13 c1 95 70 ef eb c0 d0 8a 81 d7 5a c6 fd d3 8a b2 af b8 99 07 52 c2 e4 8b 4a f4 c8 2a 94 af 99 da 6b cf aa c1 9b 1c cf 09 fa 86 22 6f c9 1f db 32 7a 1e fa d8 ac fe cd 60 1d 2d 37 d6 18 ba 6d 88 0a dc 7e 84 88 ba 68 a1 97 74 1d 40 4c 0e 5e af 06 26 bb 43 7d 
    RSA e(5 bits) - 11 
Old: User ID Packet(tag 13)(41 bytes)
    User ID - Ralf S. Engelschall <[email protected]>
Old: Signature Packet(tag 2)(149 bytes)
    Ver 3 - old
    Hash material(5 bytes):
        Sig type - Generic certification of a User ID and Public Key packet(0x10).
        Creation time - Mon Apr 28 17:19:48 MSD 1997
    Key ID - 0x0E5EAF0626BB437D
    Pub alg - RSA Encrypt or Sign(pub 1)
    Hash alg - MD5(hash 1)
    Hash left 2 bytes - 29 5a 
    RSA m^d mod n(1023 bits) - 62 bf fb 8a 5c c2 1c 68 93 e1 64 b8 bc 02 e4 f9 ee 87 fd 68 78 e6 07 88 a6 30 c7 46 77 a7 4f 51 2e f0 ed 36 57 6b e9 50 fe 68 bf 49 96 dc 5d 3d 30 11 cd 9f 0c e7 45 2a a0 5f 63 32 bd b9 1a 27 e1 78 56 21 8a 5c 30 e3 53 95 64 0d de 70 b5 e5 2e 07 5a d7 eb 74 bd 6b 37 12 0f e2 d9 bd 1a ad 04 03 68 8a bb 3d e4 5d 8d d1 03 83 09 c6 e3 10 5a a9 a0 2a 7e 0c 70 39 72 7e 2c f5 85 86 25 d9 
        -> PKCS-1

How should I extract modulus and exponent? I guess I should do something with this portion of the output:

Hash left 2 bytes - 29 5a 
RSA m^d mod n(1023 bits) - 62 bf fb 8a 5c c2 1c 68 93 e1 64 b8 bc 02 e4 f9 ee 87 fd 68 78 e6 07 88 a6 30 c7 46 77 a7 4f 51 2e f0 ed 36 57 6b e9 50 fe 68 bf 49 96 dc 5d 3d 30 11 cd 9f 0c e7 45 2a a0 5f 63 32 bd b9 1a 27 e1 78 56 21 8a 5c 30 e3 53 95 64 0d de 70 b5 e5 2e 07 5a d7 eb 74 bd 6b 37 12 0f e2 d9 bd 1a ad 04 03 68 8a bb 3d e4 5d 8d d1 03 83 09 c6 e3 10 5a a9 a0 2a 7e 0c 70 39 72 7e 2c f5 85 86 25 d9  

I have tried to echo the binary values of those hex digits:

29 5a (Hash left 2 bytes) concatenated with: 62 bf fb 8a 5c c2 1c 68 93 e1 64 b8 bc 02 e4 f9 ee 87 fd 68 78 e6 07 88 a6 30 c7 46 77 a7 4f 51 2e f0 ed 36 57 6b e9 50 fe 68 bf 49 96 dc 5d 3d 30 11 cd 9f 0c e7 45 2a a0 5f 63 32 bd b9 1a 27 e1 78 56 21 8a 5c 30 e3 53 95 64 0d de 70 b5 e5 2e 07 5a d7 eb 74 bd 6b 37 12 0f e2 d9 bd 1a ad 04 03 68 8a bb 3d e4 5d 8d d1 03 83 09 c6 e3 10 5a a9 a0 2a 7e 0c 70 39 72 7e 2c f5 85 86 25 d9

And the command I ended up with was:

$ echo -ne "\x29\x5a\x62\xbf\xfb\x8a\x5c\xc2\x1c\x68\x93\xe1\x64\xb8\xbc\x02\xe4\xf9\xee\x87\xfd\x68\x78\xe6\x07\x88\xa6\x30\xc7\x46\x77\xa7\x4f\x51\x2e\xf0\xed\x36\x57\x6b\xe9\x50\xfe\x68\xbf\x49\x96\xdc\x5d\x3d\x30\x11\xcd\x9f\x0c\xe7\x45\x2a\xa0\x5f\x63\x32\xbd\xb9\x1a\x27\xe1\x78\x56\x21\x8a\x5c\x30\xe3\x53\x95\x64\x0d\xde\x70\xb5\xe5\x2e\x07\x5a\xd7\xeb\x74\xbd\x6b\x37\x12\x0f\xe2\xd9\xbd\x1a\xad\x04\x03\x68\x8a\xbb\x3d\xe4\x5d\x8d\xd1\x03\x83\x09\xc6\xe3\x10\x5a\xa9\xa0\x2a\x7e\x0c\x70\x39\x72\x7e\x2c\xf5\x85\x86\x25\xd9" | md5

Which should output the binary data of those hex digits and then compute the MD5 hash on that binary data, but the hash I get is still different:


I know I am doing it wrong but I didn't find infos on how to interpret the pgpdump output correctly and which parts of what I should concatenate and then hash...

EDIT: Thanks to Jens Erat, with this little "OpenPGP's fingerprints geeking" I can conclude that:

For V3 keys RSA 1024 bit keys hashed with MD5, the fingerprint is computed against 129 bytes made up of the 128 bytes of the RSA n MPI (which starts at the byte offset 14 (provided that the first byte is at offset 1) of the raw OpenPGP public key exported with gpg --export $UID) concatenated with 1 byte which is the byte at offset 144 and therefore omitting the 2 length bytes at offset 142 and 143, as RFC 4880 says.

The following command computes the fingerprint using raw GPG data and :

gpg --export $UID | xxd -p | tr -d '\n ' | tail \
-c +27 | cut -c -256,261-262 | sed -e 's/[0-9a-fA-F]\{2\}/\\\\x&/g' | while read TMP; do \
echo -ne $TMP; done | md5 | sed -e 's/[0-9a-f]\{2\}/ &/g' | \
awk '{print "\n MD5 fingerprint:"toupper($0)"\n"}' 

Where $UID is the UID of the key holder.

For OpenPGP V4 RSA public keys, the story is different:

For 2048 bit RSA public keys, the fingerprint is obtained by hashing the first 272 bytes of the raw OpenPGP key data with SHA1:

gpg --export $UID | head -c 272 | shasum | grep -Eo "[0-9a-f]+" | sed -e 's/[0-9a-f]\{4\}/ &/g' | \
awk '{print "\n RSA 2048 bit SHA1 fingerprint:"toupper($0)"\n"}'

For 4096 bit RSA public keys, the fingerprint is obtained by hashing the first 528 bytes of the raw OpenPGP key data with SHA1:

gpg --export $UID | head -c 528 | shasum | \
grep -Eo "[0-9a-f]+" | sed -e 's/[0-9a-f]\{4\}/ &/g' | \
awk '{print "\n RSA 4096 SHA1 fingerprint:"toupper($0)"\n"}'

Should be enough. Anyway, using gpgsplit with V4 keys seems to be more portable.

1 Answer 1


For OpenPGP keys, it is not as easy as with SSH. The fingerprint is not calculated from the whole Base64-encoded public key, but only on some (binary) parts of it.

For a version 3 OpenPGP key, what you'd have to do is:

  1. Parse the OpenPGP public key packet
  2. For RSA, extract modulus and exponent
  3. Concatenate their binary values
  4. Calculate the hashsum

For step 1 and 2, you can rely the tool pgpdump, which can parse and output the numbers using the -i flag.

For version 4 keys, it even gets more complicated.

If you want to calculate the hashsum for educational purposes, I'd recommend extending pgpdump instead and use all the available parser code, so you can directly work on the extracted information. I'm pretty sure handling the binary information will be easier than with pure shell code, either.

UPDATE: You used the wrong integers. Use the ones in lines RSA n and RSA e instead. Putting everything together in a few lines using standard tools:

pgpdump -i publickey.pub | \
grep -E '(RSA n|RSA e)' | \
cut -d'-' -f2 | \
tr -d "\n " | \
perl -e 'print pack "H*", <STDIN>' | \

pgpdump -i dumps the key's MPIs, which we grep out, cut off eeverything we don't need, translate away all the whitespace, convert to binary using perl and finally calculate the md5sum.

Running on the key your provided:

$ pgpdump -i publickey.pub | \
> grep -E '(RSA n|RSA e)' | \
> cut -d'-' -f2 | \
> tr -d "\n " | \
> perl -e 'print pack "H*", <STDIN>' | \
> md5sum
00c9218ed1ab7037dd67a23a0a6f8da5  -

Seems pretty much to be what we're looking for.

For the sake of completeness, the same for version 4 keys, where you need another toolchain. We need the full public key packet. To decompose an OpenPGP message, gpgsplit comes in handy. Afterwards, you can immediately calculate the sha1sum of the file:

gpgsplit publickey.pub; sha1sum *.public_key

For example, running on my own key:

$ gpgsplit publickey.pub; sha1sum *.public_key
0d69e11f12bdba077b3726ab4e1f799aa4ff2279  000001-006.public_key
  • I am trying to use pgpdump as you suggested, please, check my edit! Commented Sep 13, 2015 at 12:31
  • You used the wrong integers. You finally raised my own curiousness, I extended the answer with solutions for both calculating version 3 and 4 fingerprints.
    – Jens Erat
    Commented Sep 13, 2015 at 15:54
  • 1
    Thanks you Jens! Please, check my edit, also the following commands seem to work for V4 keys: gpg --export $UID | head -c 272 | sha1sum for 2048 RSA keys and gpg --export $UID | head -c 528 | sha1sum for 4096 RSA keys. Commented Sep 14, 2015 at 20:17

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .