How do I look inside apt/trusted.gpg?

I like to put the contents of /etc inside git, so I can see what auto-updates change, and when something breaks, so I can go back and find out what I changed since it last worked.

At the moment I'm being told:

modified:   trusted.gpg
modified:   trusted.gpg~

git diff is no use as these are binary files. Of course I could check them in, but these files are central to package security, so doing that would make a mockery of my attempts at being secure! So, how do I find out what has changed?

As root I've tried:

cd /etc/apt
gpg -k trusted.gpg

(also tried --list-keys, --list-public-keys). It says gpg: error reading key: public key not found.

I'm sure it must just be a matter of discovering the correct parameters to give to gpg?


$ apt-key list

From the docs on secure apt:

apt-key is a program that is used to manage a keyring of gpg keys for secure apt. The keyring is kept in the file /etc/apt/trusted.gpg (not to be confused with the related but not very interesting /etc/apt/trustdb.gpg). apt-key can be used to show the keys in the keyring, and to add or remove a key.


If you are using gpg -k --keyring <file>, make sure that you specify the file path; otherwise gpg will assume <file> is located in ~/.gnupg/ even if it exists in the current directory!

The following won't work as expected:

cd /etc/apt
gpg -k --no-default-keyring --keyring trusted.gpg

Instead:

cd /etc/apt
gpg -k --no-default-keyring --keyring ./trusted.gpg
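Both answers above tell you how to list the keyring; the question also asks what changed between trusted.gpg and trusted.gpg~. The script below is an added example (not from the original post, nor apt's or GnuPG's own code) that ties the two together: it runs gpg with an absolute --keyring path to avoid the ~/.gnupg lookup pitfall from the second answer, parses the machine-readable --with-colons listing per GnuPG's doc/DETAILS record layout, and reports keys that were added, removed or altered between two keyring files. It assumes gpg 2.x is on PATH; the two sample listings embedded for offline use are constructed, with made-up fingerprints, key IDs and user IDs.

```python
#!/usr/bin/env python3
"""Added example, not code from the original post or from apt/gnupg.

Lists the keys in an apt keyring file via gpg's --with-colons output and
reports which keys differ between two keyrings, e.g. /etc/apt/trusted.gpg
and its trusted.gpg~ backup. Assumes gpg (2.x) is on PATH.
"""
import os
import subprocess
import sys
from typing import Dict, List


def gpg_listing(keyring_path: str) -> str:
    """Return the --with-colons listing of one keyring file.

    The path is made absolute first: a bare name such as "trusted.gpg" would
    be looked up in ~/.gnupg/ rather than in the current directory.
    """
    cmd = [
        "gpg", "--no-default-keyring", "--keyring", os.path.abspath(keyring_path),
        "--list-keys", "--with-colons", "--fingerprint",
    ]
    return subprocess.run(cmd, check=True, capture_output=True, text=True).stdout


def parse_listing(listing: str) -> Dict[str, dict]:
    """Map primary-key fingerprint -> {"keyid", "expires", "uids"}.

    Per gnupg doc/DETAILS: a 'pub' record opens a primary key (field 5 key ID,
    field 7 expiry), the 'fpr' record directly after it carries the full
    fingerprint in field 10, and 'uid' records carry the user ID in field 10.
    Subkeys ('sub') have their own 'fpr' records; those are skipped.
    """
    keys: Dict[str, dict] = {}
    pending = None   # (keyid, expiry) from a 'pub' record awaiting its 'fpr'
    current = None   # fingerprint of the primary key that 'uid' records attach to
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub" and len(f) > 6:
            pending, current = (f[4], f[6]), None
        elif f[0] == "fpr" and pending is not None and len(f) > 9:
            current = f[9]
            keys[current] = {"keyid": pending[0], "expires": pending[1], "uids": []}
            pending = None
        elif f[0] == "uid" and current is not None and len(f) > 9:
            keys[current]["uids"].append(f[9])
    return keys


def diff_keyrings(old_listing: str, new_listing: str) -> Dict[str, List[str]]:
    """Fingerprints added, removed, or altered (expiry/uids) between two listings."""
    old, new = parse_listing(old_listing), parse_listing(new_listing)
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "changed": sorted(fpr for fpr in set(old) & set(new) if old[fpr] != new[fpr]),
    }


def describe(keys: Dict[str, dict], fpr: str) -> str:
    k = keys[fpr]
    return f"{fpr} keyid={k['keyid']} expires={k['expires'] or 'never'} {'; '.join(k['uids'])}"


# Constructed sample listings (fake fingerprints/key IDs) so the diff logic
# can be exercised without a real keyring or gpg.
FPR1, FPR2, FPR3, SUBFPR = "1" * 40, "2" * 40, "3" * 40, "4" * 40
OLD_LISTING = "\n".join([
    "tru::1:1700000000:0:3:1:5",
    "pub:-:4096:1:0000000000000001:1500000000::::::scESC::::::23::0:",
    f"fpr:::::::::{FPR1}:",
    "uid:-::::1500000000::::Example Archive Key <archive@example.invalid>::::::::::0:",
    "sub:-:4096:1:0000000000000011:1500000000::::::s::::::23:",
    f"fpr:::::::::{SUBFPR}:",
    "pub:-:4096:1:0000000000000002:1400000000::::::scESC::::::23::0:",
    f"fpr:::::::::{FPR2}:",
    "uid:-::::1400000000::::Old Vendor Key <old@example.invalid>::::::::::0:",
])
NEW_LISTING = "\n".join([
    "tru::1:1700000000:0:3:1:5",
    # same primary key as before, but an expiry date has been set on it
    "pub:-:4096:1:0000000000000001:1500000000:1900000000:::::scESC::::::23::0:",
    f"fpr:::::::::{FPR1}:",
    "uid:-::::1500000000::::Example Archive Key <archive@example.invalid>::::::::::0:",
    "sub:-:4096:1:0000000000000011:1500000000::::::s::::::23:",
    f"fpr:::::::::{SUBFPR}:",
    "pub:-:4096:1:0000000000000003:1600000000::::::scESC::::::23::0:",
    f"fpr:::::::::{FPR3}:",
    "uid:-::::1600000000::::New Vendor Key <new@example.invalid>::::::::::0:",
])


if __name__ == "__main__":
    # Usage: python3 keyring_diff.py /etc/apt/trusted.gpg~ /etc/apt/trusted.gpg
    if len(sys.argv) != 3:
        sys.exit(f"usage: {sys.argv[0]} OLD_KEYRING NEW_KEYRING")
    old_txt, new_txt = gpg_listing(sys.argv[1]), gpg_listing(sys.argv[2])
    old_keys, new_keys = parse_listing(old_txt), parse_listing(new_txt)
    report = diff_keyrings(old_txt, new_txt)
    for fpr in report["added"]:
        print("+", describe(new_keys, fpr))
    for fpr in report["removed"]:
        print("-", describe(old_keys, fpr))
    for fpr in report["changed"]:
        print("~", describe(old_keys, fpr), "->", describe(new_keys, fpr))
```

For the /etc-in-git workflow from the question, the same listing can be wired into git as a textconv driver so that git diff shows key listings instead of "Binary files differ": set git config diff.gpgkeyring.textconv 'gpg --no-default-keyring --list-keys --with-colons --keyring' and add the line trusted.gpg diff=gpgkeyring to .gitattributes. git appends the path of a temporary copy of the file to that command, and that path is absolute, so the ~/.gnupg lookup pitfall does not arise there.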