Heiko
@hko@floss.social  ·  activity timestamp last month

Analogously, we can inspect a modern v6 OpenPGP certificate, which uses up-to-date formats from the very recent RFC 9580.

We'll make a fresh example v6 certificate to look at with the "rsop" tool:

$ rsop generate-key --profile rfc9580 "<alice@example.org>" | rsop extract-cert > alice_v6.cert

And then look into it with:

$ rpgp status alice_v6.cert

🧵 3/5

A terminal session that shows the following commands and output:

$ rsop generate-key --profile rfc9580 "<alice@example.org>" | rsop extract-cert > alice_v6.cert

$ rpgp status alice_v6.cert
🔐 Ed25519 v6 82d496f62a2419443eb2b9be73159edd0fbdddaf9860db2cdb1164ad16ce918e
  ⏱️ Created 2025-08-24 22:16:36 UTC
  ✅ Active (no expiration)
  🏴 Key flags: Certify, Sign

  🔑 X25519 v6 513694cc5bb335f0d5c991defbd94ddc7e6e4ce3025b0d489cf67301ec9d3093
    ⏱️ Created 2025-08-24 22:16:36 UTC
    ✅ Active (no expiration)
    🏴 Key flags: Encrypt

  🪪 ID "<alice@example.org>" (primary)
    ✅ Active (no expiration)
Heiko
@hko@floss.social replied  ·  activity timestamp last month

We can also ask the "rpgp" CLI tool to emit the same certificate status information in #JSON format:

$ rpgp status --json alice_v6.cert

Please be aware that the rpgp JSON output format is in a very early stage, and may be subject to change!

(At some point I will commit to not changing the JSON format on a whim, but that point is not right now.)

🧵 4/5

A terminal session that shows the following command and output:

$ rpgp status --json alice_v6.cert
{
  "primary": {
    "fingerprint": "9a47c697b8dfa657ad8d2bc31df18da8924a281f2f589600352f7bac05f61a81",
    "version": 6,
    "created": "2025-08-24T22:26:06Z",
    "algorithm": "Ed25519",
    "status": {
      "valid": {}
    },
    "key_flags": [
      "Certify",
      "Sign"
    ]
  },
  "subkeys": [
    {
      "fingerprint": "7e1a88fc27cfbb94ab1e088f32bfc3551bc88b4044a02f8ff685a0b14ad8ff9c",
      "version": 6,
      "created": "2025-08-24T22:26:06Z",
      "algorithm": "X25519",
      "status": {
        "valid": {}
      },
      "key_flags": [
        "Encrypt"
      ]
    }
  ],
  "user_ids": [
    {
      "id": "<alice@example.org>",
      "primary": true,
      "status": {
        "valid": {}
      }
    }
  ]
}
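An added example, not part of the original post and not rpgp's own code: a small policy audit over the JSON shape shown in post 4/5. The policy rules (minimum key version 6, a valid encryption-capable key) and the function names are assumptions made for illustration, and since the post says the JSON format may change, the field names are taken only from the sample output above.

```python
import copy
import json

# JSON from post 4/5, compacted. The format is early-stage and may change.
PAGE_SAMPLE = json.loads("""
{"primary": {"fingerprint": "9a47c697b8dfa657ad8d2bc31df18da8924a281f2f589600352f7bac05f61a81",
             "version": 6, "created": "2025-08-24T22:26:06Z", "algorithm": "Ed25519",
             "status": {"valid": {}}, "key_flags": ["Certify", "Sign"]},
 "subkeys": [{"fingerprint": "7e1a88fc27cfbb94ab1e088f32bfc3551bc88b4044a02f8ff685a0b14ad8ff9c",
              "version": 6, "created": "2025-08-24T22:26:06Z", "algorithm": "X25519",
              "status": {"valid": {}}, "key_flags": ["Encrypt"]}],
 "user_ids": [{"id": "<alice@example.org>", "primary": true, "status": {"valid": {}}}]}
""")

def is_valid(component):
    # The post only shows {"valid": {}}; any other status shape is treated as not valid.
    return "valid" in component.get("status", {})

def audit(cert, min_version=6):
    """Return a list of policy findings; an empty list means the cert passes."""
    findings = []
    primary = cert.get("primary")
    if primary is None:
        return ["unrecognized format: no 'primary' object"]
    keys = [primary] + cert.get("subkeys", [])
    for key in keys:
        fp = key.get("fingerprint", "?")[:16]
        if key.get("version", 0) < min_version:
            findings.append(f"{fp}: key version {key.get('version')} < {min_version}")
        if not is_valid(key):
            findings.append(f"{fp}: status is not valid")
    if "Certify" not in primary.get("key_flags", []):
        findings.append("primary key lacks Certify flag")
    if not any(is_valid(k) and "Encrypt" in k.get("key_flags", []) for k in keys):
        findings.append("no valid encryption-capable key")
    return findings

def constructed_weak_cert():
    # Constructed variant of the sample: older primary key version, and an empty
    # status object on the subkey standing in for "not valid" (shape not shown in the post).
    cert = copy.deepcopy(PAGE_SAMPLE)
    cert["primary"]["version"] = 4
    cert["subkeys"][0]["status"] = {}
    return cert

if __name__ == "__main__":
    for name, cert in [("alice_v6", PAGE_SAMPLE), ("constructed", constructed_weak_cert())]:
        print(name, audit(cert) or "OK")
```

Failing closed on a missing "primary" object means a future change to the JSON layout shows up as a finding instead of a silent pass.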
Heiko
@hko@floss.social replied  ·  activity timestamp last month

Finally, rpgp is just as happy to inspect ancient PGP certificates as it is with modern v6 ones:

$ rpgp status hal_1992.cert

This historical PGP certificate is almost 33 years old today, and uses the prehistoric "v2" key format.

While it's certainly not practically useful to use such keys in the current era, it may still sometimes be helpful (or just plain fun) to inspect them, for informational purposes - or to marvel at the longevity of the OpenPGP format for a minute.

🧵 5/5

A terminal session that shows the following command and output:

$ rpgp status hal_1992.cert
🔐 RSA(1024) v2 515c99ff35994387e2d430173749a06c
  ⏱️ Created 1992-09-08 05:12:44 UTC
  🚫 Invalid: no active signature in primary user id

  🪪 ID "Hal Finney <74076.1041@compuserve.com>"
    🚫 Invalid: no active signature
Heiko
@hko@floss.social replied  ·  activity timestamp last month

For scale: This v2 public key predates the earliest beginnings of the venerable GnuPG project by around 5 years (see e.g. https://linuxsecurity.com/news/cryptography/a-short-history-of-the-gnu-privacy-guard)
