Finding all files encrypted with a certain key

Andrew Gallagher andrewg at andrewg.com
Tue Oct 24 11:18:34 CEST 2023


Apologies to the `file` authors, it’s a BSD utility, not GNU.

A

On 24 Oct 2023, at 10:11, Andrew Gallagher via Gnupg-users <gnupg-users at gnupg.org> wrote:
> 
> On 24 Oct 2023, at 04:38, Felix E. Klee <felix.klee at inka.de> wrote:
>> 
>> For the purpose of re-encryption with a new key, I’d like to find all
>> files that are encrypted with my key BEF6EFD38FE8DCA0. All encrypted
>> files, independent of key, have the extension `.gpg`.
>> 
>> How do I do that for a massive directory tree?
> 
> Hi, Felix.
> 
> GNU `file` will print the encryption key ID:
> 
> ```
> andrewg at fum:~$ file hidden_service/private_key.gpg
> hidden_service/private_key.gpg: PGP RSA encrypted session key - keyid: 6B090693 14549D4B RSA (Encrypt or Sign) 4096b .
> ```
> 
> That keyid is the encryption subkey, so you can grep file’s batch output for its short ID, e.g.:
> 
> ```
> file *.gpg | grep "$SHORT_ENC_SUBKEY_ID"
> ```
> 
> Note that due to file’s use of whitespace, you can’t grep for the long ID unless you mangle it accordingly.
> 
> If you don’t have GNU file, you can try `gpg --list-packets` instead, but this will be slower as gpg will parse the entire file. Also, it only parses one file at a time, and the encryption key ID is output on STDERR. You can invoke it in a bash loop like this:
> 
> ```
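> # IFS= and -r keep file names with leading spaces or backslashes intact
> find . -name '*.gpg' -print0 | while IFS= read -r -d '' file; do
>    printf '%s: ' "$file"
>    # stderr (where the key ID appears) goes to the pipe; stdout is discarded
>    gpg --list-packets "$file" 2>&1 >/dev/null
> done | grep "$SHORT_ENC_SUBKEY_ID"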
> ```
> 
> A
> 
> 
> 
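
Added example (not from the thread's authors): this reads the key ID straight from the leading public-key encrypted session key packets, the same header field that `file` prints, without invoking gpg, and it covers files encrypted to several recipients. It assumes binary (non-armored) `.gpg` files and version-3 packets; the function names and the sample bytes are constructed for illustration.

```python
import os

PKESK_TAG = 1  # Public-Key Encrypted Session Key packet (RFC 4880, section 5.1)

def _header(buf, pos):
    """Parse one packet header; return (tag, body_start, body_len) or None."""
    if pos + 1 >= len(buf) or not buf[pos] & 0x80:
        return None
    first, o1 = buf[pos], buf[pos + 1]
    if first & 0x40:                       # new-format header
        tag = first & 0x3F
        if o1 < 192:
            return tag, pos + 2, o1
        if o1 < 224 and pos + 2 < len(buf):
            return tag, pos + 3, ((o1 - 192) << 8) + buf[pos + 2] + 192
        if o1 == 255 and pos + 5 < len(buf):
            return tag, pos + 6, int.from_bytes(buf[pos + 2:pos + 6], "big")
        return None                        # partial length or truncated
    size = (1, 2, 4, 0)[first & 0x03]      # old-format length-of-length
    if size == 0 or pos + size >= len(buf):
        return None                        # indeterminate length or truncated
    length = int.from_bytes(buf[pos + 1:pos + 1 + size], "big")
    return (first >> 2) & 0x0F, pos + 1 + size, length

def recipient_key_ids(buf):
    """Key IDs of the version-3 PKESK packets that lead an OpenPGP message."""
    ids, pos = [], 0
    while (hdr := _header(buf, pos)) and hdr[0] == PKESK_TAG:
        _, start, length = hdr
        body = buf[start:start + length]
        if len(body) >= 9 and body[0] == 3:    # version octet, then 8-octet key ID
            ids.append(body[1:9].hex().upper())
        pos = start + length
    return ids

def files_encrypted_to(root, key_id, suffix=".gpg"):
    """Yield paths under root whose header names key_id (long or short form)."""
    want = key_id.replace(" ", "").upper()
    for dirpath, _, names in os.walk(root):
        for name in names:
            if name.endswith(suffix):
                path = os.path.join(dirpath, name)
                with open(path, "rb") as fh:
                    head = fh.read(65536)      # headers only, not the whole file
                if any(k.endswith(want) for k in recipient_key_ids(head)):
                    yield path

# Constructed sample: old-format PKESK (0x85), v3, key ID from the `file` output above.
SAMPLE = bytes.fromhex("85000d03" "6b09069314549d4b" "01" "0008ff")
```

As in the thread, the ID to search for is that of the encryption subkey. Files written with hidden recipients carry an all-zero key ID in this field and cannot be matched this way.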
