Regex Library
Regex Library
Security

PGP / GPG Key Fingerprint Regex Pattern

Matches a 40-character hexadecimal PGP/GPG key fingerprint with optional 4-char grouping.

Pattern
^[A-Fa-f0-9]{4}(?:\s?[A-Fa-f0-9]{4}){9}$

Tested examples

ABCD EFAB CDEF ABCD EFAB CDEF ABCD EFAB CDEF ABCD
ABCDEFABCDEFABCDEFABCDEFABCDEFABCDEFABCD
ABCD
GHIJKLMN

Test it live

Live Regex TesterJS
0 matches
/
/g
ABCD EFAB CDEF ABCD EFAB CDEF ABCD EFAB CDEF ABCD
ABCDEFABCDEFABCDEFABCDEFABCDEFABCDEFABCD

Use it in your language

Use it in
// JavaScript / Node.js
const regex = /^[A-Fa-f0-9]{4}(?:\s?[A-Fa-f0-9]{4}){9}$/;
const value = "ABCD EFAB CDEF ABCD EFAB CDEF ABCD EFAB CDEF ABCD";
const isMatch = regex.test(value);
console.log(isMatch); // true / false

// Extract all matches
const matches = value.match(/^[A-Fa-f0-9]{4}(?:\s?[A-Fa-f0-9]{4}){9}$/g) || [];

Tags

pgpgpgfingerprintkeycrypto

Frequently asked questions

How do I use the PGP / GPG Key Fingerprint regex pattern in JavaScript?
Wrap the pattern in slashes: const re = /^[A-Fa-f0-9]{4}(?:\s?[A-Fa-f0-9]{4}){9}$/; — then call re.test(value) to check a single value, or value.match(re) to find matches. The "Use it in" snippets above give you the exact code for 9 languages.
Is this pgp / gpg key fingerprint regex production-ready?
Yes — every pattern in the library is tested against valid and invalid examples. Still, regex is one layer in a defense-in-depth strategy: pair it with server-side validation (e.g. Luhn for credit cards, mod-97 for IBAN, real DNS lookup for emails) for critical inputs.
Why does my pattern fail in another language?
Different regex engines (PCRE, Java, Python, Go's RE2) support slightly different syntax. The most common gotchas: lookbehinds (not in RE2), named groups syntax, and how backslashes need to be escaped inside string literals. The code snippets above already escape correctly for each language.
Can I edit this pattern and test it live?
Yes — use the live tester above. Type your test string and toggle flags (g, i, m, s, u, y) to see matches highlighted instantly, including capture groups.

Related patterns

See all Security
Security

SQL Injection Detection

Detects suspicious SQL injection patterns.

Security

Strong Password

At least 12 characters with lowercase, uppercase, digit, and special character.

Security

JWT Token

Validates the structure of a JSON Web Token (three Base64URL parts separated by dots).

Security

Ultra-Secure Password

Minimum 12 characters, must include uppercase, lowercase, number, and special character.

Security

Basic XSS Detection

Detects common XSS patterns.

Security

TOTP / OTP Code

Validates 6-digit one-time passwords (TOTP, Google Authenticator, SMS OTP).

Browse the full library — 250 tested regex patterns across 16 categories.

All patternsOpen regex testerRegex cheatsheet