Fingerprunk

Fingerprunk (/ˈfɪŋɐpʁʊŋk/; from fingerprint and German Prunk 'pageantry, splendor') is a CLI tool for brute-forcing OpenPGP keys with fingerprints that match a given regex.

Installation

Install Rust, then install Fingerprunk from crates.io:

cargo install fingerprunk

Usage

Let's say you want to find keys whose fingerprints begin with C0FFEE and store them at secret.asc. The regex for this is ^C0FFEE. Now, simply use the following command to start the search:

fingerprunk -r '^C0FFEE' >> secret.asc

Fingerprunk will now generate many keys and write out all keys with matching fingerprints to standard output (here: secret.asc).

If you want Fingerprunk to output password-encrypted keys use the -p flag and you will be prompted for a password.

Regex format

Fingerprunk uses fancy-regex, for which you can test and debug your regexes at the fancy-regex playground.

The regex is matched against the upper-case hexadecimal representation of the fingerprint, e.g. C0FFEE2494E2B365CAB564236C79CDD8F048CBDC.

Here is some inspiration for regexes you could use:

Be sure to escape your regex in your shell, e.g. '(.)\\1{7}' instead of '(.)\1{7}'.

Also see https://en.wikipedia.org/wiki/Hexspeak for some further examples of "hexadecimal words".

How long does it take?

On my machine with an AMD Ryzen 7 5800X processor, Fingerprunk is able to generate and check about 43500 keys per second. This means that for finding a fingerprint with a string of n specific hexadecimal digits at a specific place, I could expect the following runtimes until finding the first key:

As you can see, anything above 10 fixed digits is pretty much unfeasible, at least with a normal personal computer.