Exploit Notes

GPG (GNU Privacy Guard)

Last modified: 2023-02-15


GPG is a free-software replacement for Symantec's PGP cryptographic software suite.


1. Crack Passphrase from Private Key

  • gpg2john

    First of all, you need to format the private key to make the John to recognize it.

    gpg2john private.key > key.txt
    gpg2john private_key.asc > key.txt
    gpg2john private_key.sig > key.txt

    Crack the passphrase using the formatted text.

    john --wordlist=wordlist.txt key.txt
  • custom script

    If you cannot crack the passphrase using gpg2john for some reasons (error, etc), you can use the script as alternative.

    ./crackgpg.sh example.gpg passwords.txt

2. Import the Private Key

gpg --import private.key
gpg --import private_key.asc
gpg --import private_key.sig

To list the imported keys,

gpg --list-keys
gpg --list-secret-keys

3. Decrypt GPG (PGP) using the Passphrase

At that time, you'll be asked for the passphrase, so enter the passphrase you gotten in the previous section.

# -d: decrypt
gpg -d example.gpg
gpg -d example.pgp

Decrypt ASC File

We can decrypt .asc file by importing private key.

gpg --import private.key
gpg --decrypt example.asc


# -e: encrypt
gpg -e example.txt

# -c: encrypt only with symmetric cipher
gpg -c example.txt

# --cipher-algo: Encryption type
gpg --cipher-algo AES-256 -c example.txt

Tools by HDKS


Automatic web fuzzer.


Auto reconnaissance CLI.

Hash Cracker

Hash identifier.