Import PGP public key by string

Question

I want to import a PGP public key into my keychain in a script, but I don't want it to write the contents to a file. Right now my script does this:

curl http://example.com/pgp-public-key -o /tmp/pgp && gpg --import /tmp/gpg

How could I write this script so I can just call gpg --import and import the public key as a string? Thank you for your help.

score 22 · Accepted Answer · answered Sep 09 '16 at 12:51

22

gpg --import knows two ways of operation: it can either read from a file (for example gpg --import key.gpg) or -- if no file name is passed -- read from STDIN. curl on the other hand will print the fetched document to STDOUT if no -o parameter is given. Putting both together with a pipe will directly stream the results from curl into gpg --import:

curl http://example.com/pgp-public-key | gpg --import

answered Sep 09 '16 at 12:51

Jens Erat

37,523
16
80
96

Add `-L` to curl if you need it to follow redirects. – Gunar Gessner Aug 28 '21 at 10:19

score 2 · Answer 2 · answered Sep 09 '16 at 12:46

2

In bash, you can use:

gpg --import <(curl http://example.com/pgp-public-key)

This is called process substitution.

answered Sep 09 '16 at 12:46

Phylogenesis

7,775
19
27

wheeler · Answer 3 · 2019-02-06T18:54:28.450

You can also use curl to search for a key from a public keyserver if you know the key's ID:

curl -fsSL "https://keyserver.ubuntu.com/pks/lookup?op=get&options=mr&search=<key-id-here>" | gpg --import -

Note: you must prepend the key ID with 0x.

Most public key servers allow you to truncate the key ID so you don't need to type the whole thing. For example, the following three examples will produce the exact same key:

curl -fsSL "https://keyserver.ubuntu.com/pks/lookup?op=get&options=mr&search=0x9454C19A66B920C83DDF696E07C8CCAFCE49F8C5" | gpg --import -

curl -fsSL "https://keyserver.ubuntu.com/pks/lookup?op=get&options=mr&search=0x07C8CCAFCE49F8C5" | gpg --import -

curl -fsSL "https://keyserver.ubuntu.com/pks/lookup?op=get&options=mr&search=0xCE49F8C5" | gpg --import -

Most of the key servers are synchronized too , so you don't necessarily need to stick with a single key server. You can see a list of other key servers and the information at the SKS Keyserver status page.

Explanations for the -fsSL in the curl command:

-f, --fail:

(HTTP) Fail silently (no output at all) on server errors.

-s, --silent:

Silent or quiet mode.

-S, --show-error:

When used with -s, --silent, it makes curl show an error message if it fails.

-L, --location:

(HTTP) If the server reports that the requested page has moved to a different location (indicated with a Location: header and a 3XX response code), this option will make curl redo the request on the new place.

score 0 · Answer 4 · answered Feb 10 '22 at 13:43

We can also achieve this with pgp cmd. For example:

To import PGP public key to keychain(keyring):

pgp --import "F:\file_path\pgp_public_cert\publickey.asc" --public-keyring "F:\FilePath\keychain\pubchain.gpg"

To import PGP private key to keychain(keyring):

pgp --import "F:\file_path\pgp_private_cert\privatekey.asc" --private-keyring "F:\FilePath\keychain\secchain.gpg"

Here,

publickey.asc -> my public key

privatekey.asc -> my private key

pubchain.gpg -> my public keyring/keychain where i have stored all my public certificate or public keys.

secchain.gpg -> my private keyring/keychain where i have stored all my private certificate or private keys.

Hope this also helps for somebody.

Import PGP public key by string

4 Answers4