How to display the usage flags for the encryption keys in a less hackish way


I am trying to educate myself on the use of encryption keys and I've been experimenting with this old Linus Torvalds’ key that I found 956EB7BF449FA3AB.

I am interested to display the usage flags but neither gpg2 --list-keys 449FA3AB nor gpg2 --fingerprint 449FA3AB display the usage flags.

The only way I've found to get the usage flag information is this hackish way.

$ gpg2 --edit-key 449FA3AB
gpg (GnuPG) 2.0.26; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

pub  1024D/449FA3AB  created: 1999-10-05  expired: 2001-10-04  usage: SCA 
                     trust: unknown       validity: expired
sub  2048g/BFF491C5  created: 1999-10-05  expired: 2001-10-04  usage: E   
[ expired] (1). Linus Torvalds <>

gpg> quit


What is the official way to display the usage flags?

Best Answer

  • The machine-readable format using --with-colons contains the usage flag as last column. It is not very readable for humans, but contains the data you're looking for.

    $ gpg2 --with-colons --list-keys 449FA3AB
    uid:e::::939086351::81A3799583B9B1B391E4C428112F302FF2ADF462::Linus Torvalds <>:

    Torwald's public key can be used for signing, certifications and authentication; the subkey can be used for encryption.