Tool output explained

gpg --edit-key <userId>


pub dsa2048/C416A52150F77D20

created: 2016-06-08 expires: never usage: SCA

trust: unknown validity: unknown

sub elg2048/4B3FF8565265D493

created: 2016-06-08 expires: never usage: E

[ unknown] (1). Qvalent TEST 2048 PGP Key <test2048@qvalent.com>


1 pub: the primary key; C41....20 is its keyId

sub 4B3FF: there is one subkey

usage: the key's capability flags (Sign, Encrypt, Authenticate)

Packet structure

gpg -a --export "devops@mail.com" | gpg --list-packets --verbose

For public key:

:public sub key packet:

version 4, algo 1, created 1571951147, expires 0

pkey[0]: ....

keyid: DE19715BA9111195

:signature packet: algo 1, keyid 0695AFCE71C45D3F

version 4, created 1571951147, md5len 0, sigclass 0x18

digest algo 8, begin of digest 13 ae

hashed subpkt 33 len 21 (issuer fpr v4 2CAE56F4DB5DD1A7282A73590695AFCE71C45D3F)

hashed subpkt 2 len 4 (sig created 2019-10-24)

hashed subpkt 27 len 1 (key flags: 0C)

hashed subpkt 9 len 4 (key expires after 2y0d0h0m)

subpkt 16 len 8 (issuer key ID 0695AFCE71C45D3F)

data: 325330BBB395D687D7F48E45B754EA3B7A8694

For private key:

:secret key packet:


This packet describes the subkey.

It is followed by a signature packet that describes that subkey.

Inside the signature packet there are subpackets (*subpkt*).

Subpackets come in 2 types: hashed subpackets and unhashed subpackets.

hashed subpkt 27 len 1 (key flags: 0C)
27 is the subpacket type, which means "key flags". 0C is the value of this subpacket, which encodes the key's capabilities (Sign/Encrypt/.....).

data: the data of the whole packet

In ":signature packet: ... keyid", the keyid is the ID of the key that was used to sign that packet. It can be the primary key or a key from another certificate.
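
The walk-through above as an added example (not code from the original notes): it parses `gpg --list-packets` text, splits each signature packet's subpackets into hashed and unhashed, and decodes the key flags value. The function names are hypothetical, the flag bit meanings are taken from RFC 4880 section 5.2.3.21, and the sample input is built from the listing on this page.

```python
import re

# Key-flag bits from RFC 4880, section 5.2.3.21 (first octet of subpacket 27).
KEY_FLAGS = {0x01: "certify", 0x02: "sign", 0x04: "encrypt communications",
             0x08: "encrypt storage", 0x10: "split key", 0x20: "authenticate",
             0x80: "group key"}

# Constructed sample: lines copied from the listing on this page, not live output.
SAMPLE = """\
:public sub key packet:
    version 4, algo 1, created 1571951147, expires 0
    keyid: DE19715BA9111195
:signature packet: algo 1, keyid 0695AFCE71C45D3F
    version 4, created 1571951147, md5len 0, sigclass 0x18
    hashed subpkt 2 len 4 (sig created 2019-10-24)
    hashed subpkt 27 len 1 (key flags: 0C)
    hashed subpkt 9 len 4 (key expires after 2y0d0h0m)
    subpkt 16 len 8 (issuer key ID 0695AFCE71C45D3F)
"""

SIG = re.compile(r"^:signature packet: algo \d+, keyid ([0-9A-F]+)$")
SUBPKT = re.compile(r"^(?:critical )?(hashed )?subpkt (\d+) len (\d+) \((.*)\)$")

def decode_key_flags(hex_value):
    """Turn the hex value of a type-27 subpacket into capability names."""
    first_octet = int(hex_value[:2], 16)
    return [name for bit, name in KEY_FLAGS.items() if first_octet & bit]

def parse_signatures(listing):
    """Return one dict per signature packet: signer keyid plus its subpackets."""
    sigs, current = [], None
    for raw in listing.splitlines():
        line = raw.strip()
        if line.startswith(":"):  # every packet header starts with ':'
            m = SIG.match(line)
            current = {"keyid": m.group(1), "hashed": {}, "unhashed": {}} if m else None
            if current is not None:
                sigs.append(current)
        elif current is not None and (m := SUBPKT.match(line)):
            area = "hashed" if m.group(1) else "unhashed"
            current[area][int(m.group(2))] = m.group(4)
    return sigs

def key_flags_by_signer(listing):
    """Map signer keyid -> decoded key flags, reading hashed subpackets only
    (unhashed subpackets are not covered by the signature)."""
    return {s["keyid"]: decode_key_flags(s["hashed"][27].split(":")[1].strip())
            for s in parse_signatures(listing) if 27 in s["hashed"]}
```

For the listing above, the value 0C sets bits 0x04 and 0x08.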