Extract a John the Ripper hash from a passphrase-protected GPG/PGP private key with gpg2john. For authorized key recovery only.
gpg2john reads an OpenPGP/GnuPG secret key file and emits a hash that John the Ripper can use to recover the key's passphrase. GPG protects the secret key material with a string-to-key (S2K) function, and gpg2john captures the S2K parameters and the encrypted key bytes. It does not unlock the key; it produces the data needed to test passphrase guesses offline. Use it only to recover your own keys.
Input:
secret-key.gpg / private.asc
Output:
private:$gpg$*1*<len>*<...>*<salt>*<count>
Does this work on ASCII-armored keys?
The hash is extracted from the binary secret-key packets. Armored (.asc) keys are the same data base64-wrapped, so they can be processed once decoded.
What is S2K and why does it matter?
String-to-key is GPG's passphrase key-derivation. Iterated-salted S2K with a high count makes guessing slow, which strengthens recovery resistance.
Which hashcat mode corresponds?
GPG secret keys map to hashcat mode 16700 (and 17010/17020 for some variants).
This tool extracts password hashes from GPG keys, useful for password recovery and penetration testing.
Supported Tools: