more files in private-keys-v1.d than shown with 'gpg --with-keygrip -K'

[Werner Koch]

On Mon, 21 Mar 2016 21:05, viktordick86 at gmail.com said:

> key and not present in the folder). I guess these are expired subkeys
> which I somehow deleted from my keyring, but why would the private keys

Or keys used by SSh or X.509.

Use gpg-connect-agent and then:

  > help keyinfo
  # KEYINFO [--[ssh-]list] [--data] [--ssh-fpr] [--with-ssh] <keygrip>
  # 
  # Return information about the key specified by the KEYGRIP.  If the
  # key is not available GPG_ERR_NOT_FOUND is returned.  If the option
  # --list is given the keygrip is ignored and information about all
  # available keys are returned.  If --ssh-list is given information
  # about all keys listed in the sshcontrol are returned.  With --with-ssh
  # information from sshcontrol is always added to the info. Unless --data
  # is given, the information is returned as a status line using the format:
  # 
  #   KEYINFO <keygrip> <type> <serialno> <idstr> <cached> <protection> <fpr>
  # 
  # KEYGRIP is the keygrip.
  # 
  # TYPE is describes the type of the key:
  #     'D' - Regular key stored on disk,
  #     'T' - Key is stored on a smartcard (token),
  #     'X' - Unknown type,
  #     '-' - Key is missing.
  # 
  # SERIALNO is an ASCII string with the serial number of the
  #          smartcard.  If the serial number is not known a single
  #          dash '-' is used instead.
  # 
  # IDSTR is the IDSTR used to distinguish keys on a smartcard.  If it
  #       is not known a dash is used instead.
  # 
  # CACHED is 1 if the passphrase for the key was found in the key cache.
  #        If not, a '-' is used instead.
  # 
  # PROTECTION describes the key protection type:
  #     'P' - The key is protected with a passphrase,
  #     'C' - The key is not protected,
  #     '-' - Unknown protection.
  # 
  # FPR returns the formatted ssh-style fingerprint of the key.  It is only
  #     printed if the option --ssh-fpr has been used.  It defaults to '-'.
  # 
  # TTL is the TTL in seconds for that key or '-' if n/a.
  # 
  # FLAGS is a word consisting of one-letter flags:
  #       'D' - The key has been disabled,
  #       'S' - The key is listed in sshcontrol (requires --with-ssh),
  #       'c' - Use of the key needs to be confirmed,
  #       '-' - No flags given.
  # 
  # More information may be added in the future.
  OK
  
This returns what gpg-agent knows about the private keys.


Shalom-Salam,

   Werner


-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.