gpg --list-keys and --list-secret-keys
gpg --list-keys lists public keys and --list-secret-keys lists the private keys available for signing.
After importing a key you usually list it to grab the key ID or to confirm the secret half is present. --with-colons gives parseable output for scripts.
What it does
gpg --list-keys prints the public keys in the keyring with their IDs, user IDs, and expiry. gpg --list-secret-keys prints the secret keys, which are the ones usable for signing or decryption. --with-colons emits a stable, machine-readable format.
Common usage
gpg --list-keys
gpg --list-secret-keys --keyid-format long
# machine-readable: pull the signing key fingerprint
gpg --list-secret-keys --with-colons \
| awk -F: '/^fpr:/ {print $10; exit}'Options
| Flag | What it does |
|---|---|
| --list-keys / -k | List public keys |
| --list-secret-keys / -K | List secret keys |
| --keyid-format short|long|none|0xlong | Format of displayed key IDs |
| --with-colons | Stable machine-readable output |
| --with-fingerprint | Include full fingerprints |
Common errors in CI
An empty listing usually means GNUPGHOME points at a different directory than where you imported, or the import silently failed. If --list-secret-keys is empty but --list-keys shows the key, you imported only the public half and cannot sign. "gpg: WARNING: unsafe permissions on homedir" appears here too when GNUPGHOME is not chmod 700.