
The fact that I have to ask about this after plowing down so many hours into this already tells me that at least one of these two statements is true:

  1. I'm doing something horribly wrong.
  2. PGP/GPG is an absolute mess which purposely makes it as difficult and confusing to work with as possible.

Basically, my system automatically imports any PGP public key blocks sent to me, for the purpose of being able to encrypt messages automatically when they are going out (sent from me as a reply).

When you encrypt a plaintext message with PGP/GPG, you tell the program which "receiver" to use. This confusing term actually refers to the "full name + e-mail address" field (which is for some reason called "user name") in a public key stored in GPG.

Well, when I "import" such a PGP public key block (which works), I have no idea what the "user name" field is, and if I don't know that, I can't actually use it, since the encryption feature wants me to refer to the correct "stored public key".

But how do I actually extract the "user name" field from the public key? You'd think it would return this when you do the --import command, but as far as I can tell, it doesn't. And I've been digging for hours and hours in the manual without finding anything related to this.

For the record, I did find this StackOverflow thread: https://security.stackexchange.com/questions/50965/extracting-the-gpg-userid-from-the-public-key-file ... but it makes absolutely no sense to me. The "solution" already knows about and specifies some kind of id, which seems to defeat the whole point since that's essentially what we are trying to find (except it's the "user name" field).

I've seen all kinds of "common/useful PGP/GPG commands" and none of them even mention this whatsoever. Huh? This is like the most basic and crucial task... I'm very confused. Why doesn't the --import command give me any kind of id to use? Does it, but in some convoluted way?

  • You might be able to see it via pgp --list-keys.
    – harrymc
    Commented Oct 18, 2019 at 19:46

1 Answer

Why doesn't the --import command give me any kind of id to use? Does it, but in some convoluted way?

It does; it's mostly your expectation of a "usable ID" that is wrong.

When you encrypt a plaintext message with PGP/GPG, you tell the program which "receiver" to use. This confusing term actually refers to the "full name + e-mail address" field (which is for some reason called "user name") in a public key stored in GPG.

The field is called "User ID". It is not called "user name".

Many programs (primarily gpg and all tools which wrap it) will also accept recipients by just their email address, or any other substring match of the user-ID, or the full 160-bit public key fingerprint, or the "key ID" (32/64-bit truncated fingerprint). For example:

gpg --recipient [email protected] --encrypt
gpg --recipient EA708A76F932CCEAF60D364375F1129BE6E591E4 --encrypt
gpg --recipient "EA70 8A76 F932 CCEA F60D 3643 75F1 129B E6E5 91E4" --encrypt
gpg --recipient fred --encrypt
gpg --recipient 0x75F1129BE6E591E4 --encrypt

(You can test a match by passing it to gpg --list-keys, e.g. gpg -k fred.)

Out of these, specifying the recipient by fingerprint is the most secure option. The "User ID" field (whether full or partial) is only a safe identifier if you make use of Web of Trust or have some other way to distinguish a legitimate "Fred Foobar" key from a fake "Fred Foobar" key.

Well, when I "import" such a PGP public key block (which works), I have no idea what the "user name" field is, and if I don't know that, I can't actually use it, since the encryption feature wants me to refer to the correct "stored public key".

GnuPG always shows this field as part of the gpg --import output (along with the 64-bit "key ID"). For example:

$ gpg --import < /tmp/test.key
gpg: key 75F1129BE6E591E4: public key "Test User <[email protected]>" imported
gpg: Total number processed: 1
gpg:               imported: 1

To use this in an automated tool, use --status-fd which gives you the full 160-bit fingerprint. For example:

$ gpg --status-fd=2 --import < /tmp/test.key
[GNUPG:] IMPORT_OK 0 EA708A76F932CCEAF60D364375F1129BE6E591E4
[GNUPG:] KEY_CONSIDERED EA708A76F932CCEAF60D364375F1129BE6E591E4 0
[GNUPG:] IMPORT_RES 1 0 0 0 1 0 0 0 0 0 0 0 0 0 0

If you are using some other PGP software (i.e. not GnuPG) and it does not show you any information about what keys it has just imported, then it's a UI issue in that other PGP software.
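The following is an added example, not code from the question or the answer above, showing how the automated setup the question describes (import whatever key block arrives, then encrypt the reply) can be built on the answer's advice: read the fingerprints from --status-fd rather than from the human-readable "gpg: key ..." lines, look up user IDs with --with-colons, and pass --recipient the full fingerprint. The two sample outputs are constructed for this example (the first reuses the answer's test fingerprint; the second key, with the all-ones fingerprint and the same "Test User" user ID, is hypothetical and only there to show why a name alone is ambiguous). The three subprocess wrappers assume a gpg binary and keyring and are not exercised offline.

```python
"""Import a PGP key block and address it by fingerprint, using GnuPG's
machine-readable output instead of the human-readable 'gpg: key ...' lines."""
import re
import subprocess
from typing import Dict, List

# One IMPORT_OK status line per key GnuPG accepted:
#   [GNUPG:] IMPORT_OK <reason flags> <40-hex primary fingerprint>
# reason 0 = already present/unchanged, 1 = new key, 2 = new user IDs,
# 4 = new signatures, 8 = new subkeys (bit flags, so 3 = new key + new UIDs).
IMPORT_OK_RE = re.compile(r"^\[GNUPG:\] IMPORT_OK (\d+) ([0-9A-F]{40})$")
# --with-colons escapes ':' and other special bytes inside user IDs as \xNN.
COLON_ESCAPE_RE = re.compile(r"\\x([0-9A-Fa-f]{2})")

# Constructed sample outputs. The second 'pub' block is a hypothetical key that
# carries the same user ID as the first; only the fingerprint tells them apart.
STATUS_SAMPLE = """\
[GNUPG:] IMPORT_OK 1 EA708A76F932CCEAF60D364375F1129BE6E591E4
[GNUPG:] KEY_CONSIDERED EA708A76F932CCEAF60D364375F1129BE6E591E4 0
[GNUPG:] IMPORT_RES 1 0 1 0 0 0 0 0 0 0 0 0 0 0 0
"""
COLONS_SAMPLE = r"""tru::1:1571428200:0:3:1:5
pub:-:3072:1:75F1129BE6E591E4:1571428200:::-:::scESC::::::23::0:
fpr:::::::::EA708A76F932CCEAF60D364375F1129BE6E591E4:
uid:-::::1571428200::0123456789ABCDEF0123456789ABCDEF01234567::Test User <test@example.com>::::::::::0:
uid:-::::1571428200::FEDCBA9876543210FEDCBA9876543210FEDCBA98::Test User (work\x3a ops) <test@work.example>::::::::::0:
sub:-:3072:1:0123456789ABCDEF:1571428200::::::e::::::23:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
pub:-:3072:1:1111111111111111:1571500000:::-:::scESC::::::23::0:
fpr:::::::::1111111111111111111111111111111111111111:
uid:-::::1571500000::ABCDEF0123456789ABCDEF0123456789ABCDEF01::Test User <test@example.com>::::::::::0:
"""


def fingerprints_from_status(status_output: str) -> List[str]:
    """Fingerprints of every key reported by IMPORT_OK, in order, deduplicated."""
    seen: List[str] = []
    for line in status_output.splitlines():
        m = IMPORT_OK_RE.match(line.strip())
        if m and m.group(2) not in seen:
            seen.append(m.group(2))
    return seen


def keys_from_colons(colon_output: str) -> Dict[str, List[str]]:
    """Map primary-key fingerprint -> user IDs from `gpg --with-colons --list-keys`.

    Only the 'fpr' record directly after 'pub' is the primary fingerprint;
    'fpr' records after 'sub' belong to subkeys and are skipped.
    """
    keys: Dict[str, List[str]] = {}
    current = None  # fingerprint of the key whose uid records we are collecting
    want_primary_fpr = False
    for line in colon_output.splitlines():
        fields = line.split(":")
        rtype = fields[0]
        if rtype == "pub":
            current, want_primary_fpr = None, True
        elif rtype == "sub":
            want_primary_fpr = False
        elif rtype == "fpr" and want_primary_fpr and len(fields) > 9:
            current = fields[9]
            keys[current] = []
            want_primary_fpr = False
        elif rtype == "uid" and current is not None and len(fields) > 9:
            uid = COLON_ESCAPE_RE.sub(lambda m: chr(int(m.group(1), 16)), fields[9])
            keys[current].append(uid)
    return keys


def select_recipient(keys: Dict[str, List[str]], wanted: str) -> str:
    """Resolve a user-ID substring (what a human would type) to exactly one key.

    Substring matches are ambiguous by nature (the answer's fake "Fred Foobar"
    key), so refuse unless exactly one key matches, and hand back the
    fingerprint, which is what the encrypt call should pin to.
    """
    matches = [fpr for fpr, uids in keys.items()
               if any(wanted.lower() in uid.lower() for uid in uids)]
    if len(matches) != 1:
        raise LookupError(f"{wanted!r} matches {len(matches)} keys: {matches}")
    return matches[0]


def recipient_args(fingerprints: List[str]) -> List[str]:
    """--recipient flags naming each key by full fingerprint, never by name."""
    return [arg for fpr in fingerprints for arg in ("--recipient", fpr)]


# The three wrappers below need a real gpg binary and keyring (assumption);
# --batch/--no-tty keep gpg from prompting when run from a daemon.
def import_key_block(armored_key: bytes) -> List[str]:
    proc = subprocess.run(["gpg", "--batch", "--no-tty", "--status-fd", "1", "--import"],
                          input=armored_key, capture_output=True, check=True)
    return fingerprints_from_status(proc.stdout.decode())


def list_keys(selector: str = "") -> Dict[str, List[str]]:
    args = ["gpg", "--batch", "--with-colons", "--list-keys"] + ([selector] if selector else [])
    proc = subprocess.run(args, capture_output=True, check=True)
    return keys_from_colons(proc.stdout.decode())


def encrypt_for(fingerprints: List[str], plaintext: bytes) -> bytes:
    # A freshly imported key has no Web-of-Trust validity, so batch-mode gpg
    # would refuse it; --trust-model always means "I pinned this exact
    # fingerprint and take responsibility for having verified it out of band".
    args = ["gpg", "--batch", "--no-tty", "--armor", "--trust-model", "always",
            *recipient_args(fingerprints), "--encrypt"]
    return subprocess.run(args, input=plaintext, capture_output=True, check=True).stdout
```

In the automated flow, the fingerprints returned by import_key_block are stored alongside the sender's address and later passed straight to encrypt_for; select_recipient is only for the case where a human-typed name has to be turned into a fingerprint, and it fails closed when two keys claim the same user ID.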
