TL;DR
You can use gpg --list-sigs to find all keys signed by a specific key ID. This lets you see which other keys trust a particular one.
How to Find Keys Signed by a GPG Key
- Get the Key ID: First, you need the long hexadecimal key ID of the signing key. You can find this using
gpg --list-keysor from your keyring file. For example:gpg --list-keys | grep 'pub'This will output lines like:
pub rsa4096/YOUR_KEY_ID 2023-10-27 [SC]
TheYOUR_KEY_IDis what you need. - List Signatures: Use the
gpg --list-sigscommand, followed by the key ID. This will show all signatures made *by* that key:gpg --list-sigs YOUR_KEY_ID - Interpret the Output: The output will list keys signed by the specified key. Each entry includes information like:
- The key ID of the signed key.
- The date of the signature.
- Whether it’s a valid signature (look for ‘Good signature’).
- Example Output: A typical output might look like this:
gpg --list-sigs 3AA5C34371567BD2pub rsa4096/3AA5C34371567BD2 2023-10-27 [SC] User Name <[email protected]>
sig 3AA5C34371567BD2 2023-10-28 User Name <[email protected]> Good signature from User Name <[email protected]>
pub rsa4096/BBE47D05C48F2E2A 2023-11-15 [SC] Another User <[email protected]>
sig BBE47D05C48F2E2A 2023-11-16 Another User <[email protected]> Good signature from User Name <[email protected]> - Filtering the Output (Optional): If you only want the key IDs of the signed keys, you can use
grepandawk:gpg --list-sigs YOUR_KEY_ID | grep 'pub' | awk '{print $2}'This will extract just the key ID from each line starting with ‘pub’.