Skip to content
Latchkey

gpg --list-keys and --list-secret-keys

gpg --list-keys lists public keys and --list-secret-keys lists the private keys available for signing.

After importing a key you usually list it to grab the key ID or to confirm the secret half is present. --with-colons gives parseable output for scripts.

What it does

gpg --list-keys prints the public keys in the keyring with their IDs, user IDs, and expiry. gpg --list-secret-keys prints the secret keys, which are the ones usable for signing or decryption. --with-colons emits a stable, machine-readable format.

Common usage

Terminal
gpg --list-keys
gpg --list-secret-keys --keyid-format long
# machine-readable: pull the signing key fingerprint
gpg --list-secret-keys --with-colons \
  | awk -F: '/^fpr:/ {print $10; exit}'

Options

FlagWhat it does
--list-keys / -kList public keys
--list-secret-keys / -KList secret keys
--keyid-format short|long|none|0xlongFormat of displayed key IDs
--with-colonsStable machine-readable output
--with-fingerprintInclude full fingerprints

Common errors in CI

An empty listing usually means GNUPGHOME points at a different directory than where you imported, or the import silently failed. If --list-secret-keys is empty but --list-keys shows the key, you imported only the public half and cannot sign. "gpg: WARNING: unsafe permissions on homedir" appears here too when GNUPGHOME is not chmod 700.

Related guides

Run this faster and cheaper on Latchkey managed runners. Start free →