LinuxCommandLibrary

gpgsplit

Split OpenPGP messages into smaller parts

SYNOPSIS

gpgsplit [options] [KEY_FILE]

PARAMETERS

--output DIR
    Specifies a directory DIR where the extracted components should be written as separate files.

--list-packets
    Instead of writing to files, lists all identified OpenPGP packets and their types to standard output.

--dry-run
    Performs a simulated run without actually writing any output files or modifying the system. Useful for testing.

--force
    When used with --output, allows gpgsplit to overwrite existing files in the specified directory.

--verbose
    Enables more detailed output, showing progress and information about the processed packets.

--version
    Displays the version information of gpgsplit and exits.

--help
    Displays a brief help message with available options and exits.

--homedir DIR
    Sets the GnuPG home directory to DIR. This is usually not needed for gpgsplit as it operates on raw key data.

--debug-level LEVEL
    Sets the debug level for diagnostics (e.g., guru for maximum verbosity).

--batch
    Runs in batch mode, suppressing all user interaction.

--no-tty
    Disables the use of the TTY for user interaction or prompts.

DESCRIPTION

gpgsplit is a specialized utility within the GnuPG suite designed to parse and dissect a GnuPG key block into its constituent OpenPGP packets. When provided with a key file (or standard input), it identifies and extracts distinct elements such as the primary public key, subkeys, user IDs, and their associated signatures. Each of these components is then output as a separate, self-contained block.

This functionality is invaluable for developers, security researchers, and auditors who need to examine the granular structure of a GnuPG key, understand its composition, or troubleshoot issues. It processes raw OpenPGP packet data, offering a detailed view beyond what standard GnuPG key listing functions provide, making it a powerful tool for in-depth key analysis and manipulation.

CAVEATS

gpgsplit is primarily a parsing tool and does not perform cryptographic validation of the key material. It merely dissects the OpenPGP packet stream. The extracted components, especially private key packets, should be handled with extreme care due to their sensitive nature. It assumes the input is a valid OpenPGP key block; malformed input may lead to unexpected behavior.

OUTPUT FILE NAMING CONVENTION

When using the --output option, gpgsplit creates files with a consistent naming scheme. Files are typically named XXXXXX-YYY.EXT, where XXXXXX is a sequential key block number (e.g., 000000 for the first key), YYY is a sequential packet number within that block (e.g., 001, 002), and EXT indicates the packet type (e.g., .pk for public key, .sk for subkey, .uid for user ID, .sig for signature, .psk for private subkey). This systematic naming aids in organizing and understanding the key's disassembled parts.

PACKET TYPES HANDLED

gpgsplit can identify and extract various OpenPGP packet types, including Public-Key Packet (primary key), Public-Subkey Packet, User ID Packet, Signature Packet, Public-Key Encrypted Session Key Packet, Symmetric-Key Encrypted Session Key Packet, Compressed Data Packet, Literal Data Packet, Trust Packet, User Attribute Packet, Symmetrically Encrypted and Malleable Data Packet, and others. This comprehensive dissection allows for a deep inspection of the key's entire structure and associated data.
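The packet framing that this kind of dissection relies on, shown as an added example (it is not gpgsplit's own code and not part of the original page): a Python parser for the old- and new-format packet headers of RFC 4880 section 4.2 that splits a binary stream into packets and rejects truncated input instead of guessing. The names split_packets, TAGS, UID and SAMPLE are hypothetical, and the sample bytes are constructed.

```python
TAGS = {1: "pubkey-enc-session-key", 2: "signature", 3: "symkey-enc-session-key",
        5: "secret-key", 6: "public-key", 7: "secret-subkey", 8: "compressed",
        11: "literal", 12: "trust", 13: "user-id", 14: "public-subkey"}

def _take(data, pos, n):
    """Return data[pos:pos+n], rejecting input that ends early."""
    if pos + n > len(data):
        raise ValueError(f"offset {pos}: need {n} octets, stream is truncated")
    return data[pos:pos + n]

def _new_length(data, pos):  # -> (length, next_pos, is_partial_chunk)
    first = _take(data, pos, 1)[0]
    if first < 192:                                   # one-octet length
        return first, pos + 1, False
    if first < 224:                                   # two-octet length
        return ((first - 192) << 8) + _take(data, pos + 1, 1)[0] + 192, pos + 2, False
    if first == 255:                                  # five-octet length
        return int.from_bytes(_take(data, pos + 1, 4), "big"), pos + 5, False
    return 1 << (first & 0x1F), pos + 1, True         # partial body chunk

def split_packets(data):
    """Split a binary (de-armored) OpenPGP stream into (tag, name, body) tuples."""
    packets, pos = [], 0
    while pos < len(data):
        ctb = data[pos]
        if not ctb & 0x80:
            raise ValueError(f"offset {pos}: bit 7 clear, not a packet header")
        pos, body = pos + 1, b""
        if ctb & 0x40:                                # new format, tag in bits 5-0
            tag, partial = ctb & 0x3F, True
            while partial:                            # join partial-length chunks
                length, pos, partial = _new_length(data, pos)
                body += _take(data, pos, length)
                pos += length
        else:                                         # old format, tag in bits 5-2
            tag = (ctb >> 2) & 0x0F
            size = (1, 2, 4, 0)[ctb & 0x03]           # 0: indeterminate, runs to end
            raw = _take(data, pos, size)
            length = int.from_bytes(raw, "big") if size else len(data) - pos
            body = _take(data, pos + size, length)
            pos += size + length
        packets.append((tag, TAGS.get(tag, "unknown"), body))
    return packets

# Constructed sample: the framing is valid, the bodies are filler, not key material.
UID = b"Alice <alice@example.org>"
SAMPLE = (bytes([0xB4, len(UID)]) + UID               # old format, tag 13
          + bytes([0xC2, 0xC0, 0x08]) + bytes(200)    # new format, two-octet length
          + bytes([0xCB, 0xE9]) + b"A" * 512 + b"\x03end")  # 512-octet partial + final
```

Like the tool described above, this only walks the framing: it performs no signature or key validation, so a stream that splits cleanly is not thereby trustworthy.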

HISTORY

gpgsplit is an integral part of the GnuPG (GNU Privacy Guard) project, a free implementation of the OpenPGP standard. It was developed to provide a low-level tool for analyzing and breaking down OpenPGP key structures, complementing the higher-level functions of the main gpg command. Its development follows the GnuPG project's commitment to transparency and auditable cryptography, allowing users and developers to inspect the raw components of cryptographic keys.

SEE ALSO

gpg(1), gpgconf(1), gpg-agent(1)
