Saturday 26th October 2019
I was recently investigating a suspicious GPG key for one of my domains that had shown some activity on the key servers after being dormant for nearly 10 years. The key wasn't mine, and since anybody can create a key with any name and email address, this wasn't indicative of a breach or an imposter. However, it was intriguing to see what this automated system, spammer, or whoever they may be, was trying to do with the key.
PGP/GPG key server output can sometimes be quite confusing, especially if a key has multiple subkeys, user IDs and signatures. This prompted me to create a reference guide for PGP/GPG key server output, to help anyone else who may be in a similar situation.
Below is the key server entry for Alice <alice@example.com>, signed by Bob <bob@example.com>, which are sample keys that I created. Each part of the entry is explained in turn below:
Type bits/keyID                                              cr. time              exp time              key expir
pub  rsa4096/a40ced0a9eaba810f55bb88ca41a7776121ce43c
     Hash=f24c4ff33f09e7da1b0cb2cf72cb2be3
uid  Alice <alice@example.com>
sig  sig    a41a7776121ce43c 2019-10-19T21:43:52Z 2020-10-18T21:43:52Z ____________________ [selfsig]
sig  sig    24b1fb13f1b3b06c 2019-10-19T21:51:07Z ____________________ ____________________ 24b1fb13f1b3b06c
uid  Alice (Alt Email) <alice@example.com>
sig  sig    a41a7776121ce43c 2019-10-19T21:34:23Z 2020-10-18T21:34:23Z ____________________ [selfsig]
sig  sig    24b1fb13f1b3b06c 2019-10-19T21:51:08Z ____________________ ____________________ 24b1fb13f1b3b06c
sub  dsa3072/d7cff40b9c95ede5f8d10b62e91a02198a286d8f 2019-10-19T23:05:19Z
sig  sbind  a41a7776121ce43c 2019-10-19T23:05:19Z ____________________ 2020-10-18T23:05:19Z []
sub  rsa4096/b8d4d1ab55a0f662596c52ab47652ce725cb3e8f 2019-10-19T21:16:21Z
sig  sbind  a41a7776121ce43c 2019-10-19T21:16:21Z ____________________ 2020-10-18T21:16:21Z []
Type
The type of the following entry. Common values are:
pub (Public Key)
uid (User ID)
sig (Signature)
sub (Subkey)
You may also see the following values when using GPG locally:
sec (Secret Key / Private Key)
ssb (Secret Subkey / Private Subkey)

Key type
The type of key. Common values are:
rsa
dsa (Digital Signature Algorithm)
elg (Elgamal)

Key size
The size of the key, in bits. Usually between 1024 and 4096. 2048 is the modern bare minimum, with 4096 recommended for future-proofing. DSA keys are limited to 3072 bits in GPG.

Key ID
The ID of the key, or if shown in a signature, the ID of the key that made the signature. Key IDs can be represented in several different ways. For example:
Fingerprint: a40c ed0a 9eab a810 f55b b88c a41a 7776 121c e43c
Long ID: a41a 7776 121c e43c
Short ID: 121c e43c
When using GPG locally, you can choose which key ID format to use when listing keys:
gpg --fingerprint
gpg --keyid-format long --list-keys
gpg --keyid-format short --list-keys
Only fingerprints should be used nowadays, as brute-force techniques can be used to create 'unofficial' keys whose long or short key IDs collide with those of 'legitimate' keys. This results in ambiguous trust, as a long or short key ID may match more keys than the one you are expecting.

Hash
An MD5 digest of the key.
For some reason information about this is very sparse. From what I can gather, it seems to be something to do with SKS, rather than OpenPGP or GPG directly. The source code for the Hockeypuck key server software provides some clues and confirms that it is definitely MD5. If anyone knows more about this, please get in touch.
User ID
The user ID of the key or subkey, consisting of a name and email address, and optionally a comment and/or photograph. For example:
First Last (Comment) <email@example.com>
User IDs can be added, edited and removed using the --edit-key option, which will bring up an interactive GPG shell. Some of the most common commands are:
list: List keys and UIDs
adduid: Add a UID
uid N: Select a UID number to edit
deluid: Delete the selected UID
primary: Make the selected UID the primary UID
trust: Change the trust level of the selected key
help: Show a help dialog

Trust level
The level of trust asserted by a specific signature. In the OpenPGP specification this is represented by the hex values 0x10 to 0x13, and displayed by GnuPG as sig through sig3:
0x10 / sig: No indication
0x11 / sig1: Personal belief but no verification
0x12 / sig2: Casual verification
0x13 / sig3: Extensive verification
In addition, sbind is used on subkey lines to represent the creation of the key/record, including the creation time.
When using GnuPG to create a signature, you can use the --ask-cert-level option to set the certification level.
Time stamps
A time stamp, represented in ISO 8601 format, with the Z meaning 'Zulu', or UTC. There are three columns of time stamps:
cr. time: Creation time of the key or signature
exp time: Expiry time of the signature
key expir: Expiry time of the key
Blank time stamps, represented as 20 underscores (____________________), indicate that a key or signature is set to not expire.
[selfsig]
Indicates that this is a self-signature, whereby the user's own private key was used to sign their public key. This is done by default in most modern OpenPGP implementations.
[]
There is very little documentation as to the actual purpose of the square brackets at the end of sig sbind lines. They seem to just be a placeholder for notes such as selfsig.
However, the source code for the Hockeypuck GPG key server software seems to indicate that selfsig is the only possible value. If anybody has any further insight into this, please get in touch.
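To tie the columns above together (key ID derivation, the blank underscore time stamps, [selfsig] and the sbind lines), here is a small parser for the key server entry format. It is an added example, not code from this guide or from SKS/Hockeypuck, and the sample input is a constructed retyping of the entry above; it also lists which keys other than Alice's own have certified her user IDs, which is the first thing to look at on an unexpected key.

```python
import re
# Constructed sample: the guide's entry above, retyped one record per line
# in the layout an SKS/Hockeypuck "vindex" page prints (pub/uid/sig/sub).
SAMPLE = """\
pub  rsa4096/a40ced0a9eaba810f55bb88ca41a7776121ce43c
uid Alice <alice@example.com>
sig  sig  a41a7776121ce43c 2019-10-19T21:43:52Z 2020-10-18T21:43:52Z ____________________ [selfsig]
sig  sig  24b1fb13f1b3b06c 2019-10-19T21:51:07Z ____________________ ____________________ 24b1fb13f1b3b06c
sub  dsa3072/d7cff40b9c95ede5f8d10b62e91a02198a286d8f 2019-10-19T23:05:19Z
sig sbind  a41a7776121ce43c 2019-10-19T23:05:19Z ____________________ 2020-10-18T23:05:19Z []
"""
BLANK = "_" * 20                                        # blank time column: no expiry
KEY_RE = re.compile(r"^([a-z]+)(\d+)/([0-9a-f]{40})$")  # e.g. rsa4096/<fingerprint>

def key_ids(fingerprint):
    """Long ID is the last 16 hex digits of the fingerprint, short ID the last 8."""
    fp = fingerprint.lower()
    return fp[-16:], fp[-8:]

def parse_vindex(text):
    """Group vindex-style lines: sig lines attach to the pub/uid/sub record before them."""
    entry, current = {"pub": [], "uid": [], "sub": []}, None
    for parts in map(str.split, text.splitlines()):
        if not parts:
            continue
        kind = parts[0]
        if kind in ("pub", "sub"):
            algo, bits, fpr = KEY_RE.match(parts[1]).groups()
            current = {"algo": algo, "bits": int(bits), "fingerprint": fpr, "long_id": key_ids(fpr)[0],
                       "created": parts[2] if len(parts) > 2 else None, "sigs": []}
            entry[kind].append(current)
        elif kind == "uid":
            current = {"uid": " ".join(parts[1:]), "sigs": []}
            entry["uid"].append(current)
        elif kind == "sig":
            sig_type, signer, created, sig_exp, key_exp = parts[1:6]
            note = parts[6] if len(parts) > 6 else ""        # "[selfsig]", "[]" or a signer ID
            own = entry["pub"][0]["long_id"] if entry["pub"] else None
            current["sigs"].append({
                "type": sig_type, "signer": signer, "created": created,
                "sig_expires": None if sig_exp == BLANK else sig_exp,
                "key_expires": None if key_exp == BLANK else key_exp,
                "selfsig": note == "[selfsig]" or signer == own})
    return entry

def third_party_signers(entry):
    """Long IDs of keys other than the key itself that have certified a user ID."""
    own = entry["pub"][0]["long_id"]
    return sorted({s["signer"] for u in entry["uid"] for s in u["sigs"] if s["signer"] != own})
```

The parser keys on the column positions shown in the entry above, so a vindex page with extra columns would need the slice in the sig branch adjusted.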