Forensics: How to find the public key used to encrypt a file
When coming across encrypted files you may have a need to see what key was used to encrypt the file. Although this does not help you decrypt the file it can possibly provide a small piece of a much larger story.
The easy way is to use gpg -vv then your file name:
gpg -vv mytest.gpg
:pubkey enc packet: version 3, algo 1, keyid E4805172EBD35C7D
data: [4096 bits]
gpg: public key is EBD35C7D
:encrypted data packet:
gpg: encrypted with RSA key, ID EBD35C7D
gpg: decryption failed: secret key not available
If you are unfortunate enough not to have access to gpg you can also use a base64 encoder and a hex editor. If you have both of these you are probably not using Windows and already have gpg, but lets have some fun for learning sake. There are several ways to approach this.
The simplest it to make a copy of the file:
cp mytest.gpg copy-mytest.gpg
Encode the file
Use xxd or your favorite hex editor to look at the first 17th – 24th byte.
00000000: 8502 0c03 e480 5172 ebd3 5c7d 0110 00d7 ……Qr..}….