Finding all files encrypted with a certain key

Werner Koch wk at
Tue Oct 24 11:20:25 CEST 2023

On Tue, 24 Oct 2023 11:38, Felix E. Klee said:
> For the purpose of re-encryption with a new key, I’d like to find all
> files that are encrypted with my key BEF6EFD38FE8DCA0. All encrypted
> files, independent of key, have the extension `.gpg`.
> How do I do that for a massive directory tree?

AMybe something like this
--8<---------------cut here---------------start------------->8---
gpg -d  --status-fd 1 -o /dev/null 2>/dev/null "$1" | awk '
$1=="[GNUPG:]" && $2=="ENC_TO" && $3=="BEF6EFD38FE8DCA0" {print $1; exit 0}'
--8<---------------cut here---------------end--------------->8---

find /foo -type f -name '*.gpg' -print0 | xargs -0 -n1

Best done with a keyring which does not hold any keys.  Does not catch
files which have hidden recipients.  Note that you need to test for the
subkey because that is the only information available in the encrypted

Using --list-packets or pgpdump might be better but those have no stable



The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openpgp-digital-signature.asc
Type: application/pgp-signature
Size: 243 bytes
Desc: not available
URL: <>

More information about the Gnupg-users mailing list