Finding all files encrypted with a certain key

raf gnupg at raf.org
Wed Oct 25 02:13:44 CEST 2023


On Tue, Oct 24, 2023 at 11:38:52AM +0800, "Felix E. Klee" <felix.klee at inka.de> wrote:

> For the purpose of re-encryption with a new key, I’d like to find all
> files that are encrypted with my key BEF6EFD38FE8DCA0. All encrypted
> files, independent of key, have the extension `.gpg`.
> 
> How do I do that for a massive directory tree?

With my rawhide (rh) program (github.com/raforg/rawhide) you can do
it with something like this:

 rh /path '"*.gpg" && "*PGP*encrypted*BEF6EFD3 8FE8DCA0*".what'

That looks under /path for files whose names end in .gpg and
whose file(1) output would contain the given glob pattern,
but no file(1) processes are created. The output of file(1)
for an encrypted file looks something like:

 file.gpg: PGP RSA encrypted session key - keyid: 49C40F3A BA227C81 RSA (Encrypt or Sign) 4096b .

It can also be done with find(1) of course, but it's a
little slower because it needs additional processes for
each encrypted file:

 find /path -name '*.gpg' \
  -execdir /bin/sh -c 'file "$1" | grep -q "PGP.*encrypted.*BEF6EFD3 8FE8DCA0"' sh {} \; \
  -print

But the extra time is probably immaterial when followed
by re-encryption.

While testing these, I just noticed that /usr/bin/file
on my macOS-10.14 laptop shows a different keyid to
what libmagic shows. That's bizarre.

For some encrypted files of mine, /usr/bin/file (v5.33)
shows 3A0FC449 817C22BA but libmagic/rh shows 49C40F3A
BA227C81 for the same files. A more recent version of
file (v5.45) installed via macports shows the same as
libmagic/rh. So choose your version of file(1) wisely. :-)

Also, in case you need to re-encrypt regularly, I
recommend assigning some label to the key and putting
it in the filename (e.g. blah.gpg.key23). Then you
don't need to look inside the file, and if it takes a
long time to re-encrypt lots of files, you can easily
see how it's progressing.

cheers,
raf
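
An added example, not part of raf's message and not rawhide code: Python that reads the recipient key IDs straight from the public-key encrypted session key (PKESK) packets at the start of each binary .gpg file, so the match does not depend on which file(1) or libmagic version is installed. It assumes unarmored files and version 3 PKESK packets (RFC 4880); the names pkesk_key_ids, find_encrypted_to and SAMPLE are made up here, and files written with hidden recipients (all-zero key ID) cannot be matched this way.

```python
import os

def pkesk_key_ids(data):
    """Key IDs (hex) of the v3 PKESK packets (tag 1) that open binary OpenPGP data."""
    ids, pos = [], 0
    while pos + 2 <= len(data) and data[pos] & 0x80:
        ctb, first = data[pos], data[pos + 1]
        if ctb & 0x40:                        # new-format packet header
            tag = ctb & 0x3F
            if first < 192:
                hdr, length = 2, first
            elif first < 224:
                low = int.from_bytes(data[pos + 2:pos + 3], "big")
                hdr, length = 3, ((first - 192) << 8) + low + 192
            elif first == 255:
                hdr, length = 6, int.from_bytes(data[pos + 2:pos + 6], "big")
            else:
                break                         # partial length: not a session-key packet
        else:                                 # old-format packet header
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:
                break                         # indeterminate length
            hdr = 1 + (1 << ltype)
            length = int.from_bytes(data[pos + 1:pos + hdr], "big")
        if tag not in (1, 3):                 # 1 = PKESK, 3 = SKESK (passphrase)
            break                             # encrypted data starts here
        body = data[pos + hdr:pos + hdr + length]
        if tag == 1 and len(body) >= 10 and body[0] == 3:
            ids.append(body[1:9].hex().upper())  # octets in stored order, as gpg prints
        pos += hdr + length
    return ids

def find_encrypted_to(root, key_id, suffix=".gpg"):
    """Paths under root whose leading PKESK packets name key_id (16 hex digits)."""
    hits = []
    for dirpath, _dirs, names in os.walk(root):
        for path in (os.path.join(dirpath, n) for n in names if n.endswith(suffix)):
            try:
                with open(path, "rb") as fh:
                    head = fh.read(65536)     # recipient packets sit at the very start
            except OSError:
                continue                      # unreadable file: skip it
            if key_id.upper() in pkesk_key_ids(head):
                hits.append(path)
    return sorted(hits)

# Constructed sample: two 12-byte PKESK packets (old- then new-format header).
SAMPLE = bytes.fromhex("840c03" "49c40f3aba227c81" "010000"
                       "c10c03" "bef6efd38fe8dca0" "010000")
```

The ID stored in the packet belongs to the key the session key was encrypted to, which is usually an encryption subkey rather than the primary key. The two key IDs quoted in the message above, 49C40F3A BA227C81 and 3A0FC449 817C22BA, are the same eight octets with each 32-bit half byte-reversed.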



