OpenPGP 2.0 and Hushmail keys
Werner Koch
wk at gnupg.org
Mon Sep 21 11:10:00 CEST 2009
On Thu, 10 Sep 2009 18:53, mcse83 at hotmail.com said:
> I am battling to understand this as I thought generating a key pair on
> the openPGP card itself was as secure as can be as your private key ONLY
> exists on the card itself and is not available anywhere else (ie: on
> your hard drive for export).

If you look at the exported key you posted with gpg --list-packets you
will get the listing below. I added a few comments:

:secret key packet:
    version 4, algo 1, created 1252600418, expires 0
    skey[0]: [1024 bits]
    skey[1]: [17 bits]
    gnu-divert-to-card S2K, algo: 0, simple checksum, hash: 0
    serial-number: d2 76 00 01 24 01 02 00 00 05 00 00 00 43 00 00

The primary secret key stub. The line "gnu-divert-to-card" indicates
that this is a stub key.

As you can see there are only two parameters: skey[0] and skey[1] - these
make up the public parts of the key. There is nothing secret with
them. For a real secret key (and not just a stub) you would see more
parameters (i.e. the secret parameters).

:user ID packet: "sw at test.com (TEST 003) <sw at test.com>"
:signature packet: algo 1, keyid 446D3054095646C6
    version 4, created 1252600418, md5len 0, sigclass 0x13
    digest algo 2, begin of digest 4d 4e
    hashed subpkt 2 len 4 (sig created 2009-09-10)
    hashed subpkt 27 len 1 (key flags: 03)
    hashed subpkt 11 len 5 (pref-sym-algos: 9 8 7 3 2)
    hashed subpkt 21 len 5 (pref-hash-algos: 8 2 9 10 11)
    hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
    hashed subpkt 30 len 1 (features: 01)
    hashed subpkt 23 len 1 (key server preferences: 80)
    subpkt 16 len 8 (issuer key ID 446D3054095646C6)
    data: [1023 bits]
:secret sub key packet:
    version 4, algo 1, created 1252600418, expires 0
    skey[0]: [1024 bits]
    skey[1]: [17 bits]
    gnu-divert-to-card S2K, algo: 0, simple checksum, hash: 0
    serial-number: d2 76 00 01 24 01 02 00 00 05 00 00 00 43 00 00

Same as with the primary key.

:signature packet: algo 1, keyid 446D3054095646C6
    version 4, created 1252600418, md5len 0, sigclass 0x18
    digest algo 2, begin of digest a5 c8
    hashed subpkt 2 len 4 (sig created 2009-09-10)
    hashed subpkt 27 len 1 (key flags: 20)
    subpkt 16 len 8 (issuer key ID 446D3054095646C6)
    data: [1014 bits]
:secret sub key packet:
    version 4, algo 1, created 1252600418, expires 0
    skey[0]: [1024 bits]
    skey[1]: [17 bits]
    gnu-divert-to-card S2K, algo: 0, simple checksum, hash: 0
    serial-number: d2 76 00 01 24 01 02 00 00 05 00 00 00 43 00 00

Same as with the primary key.

:signature packet: algo 1, keyid 446D3054095646C6
    version 4, created 1252600418, md5len 0, sigclass 0x18
    digest algo 2, begin of digest b9 15
    hashed subpkt 2 len 4 (sig created 2009-09-10)
    hashed subpkt 27 len 1 (key flags: 0C)
    subpkt 16 len 8 (issuer key ID 446D3054095646C6)
    data: [1022 bits]

Shalom-Salam,
Werner
--
Thoughts are free. Exceptions are regulated by a federal law.
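
Added example, not part of the message above and not GnuPG code: a small Python check that reads `gpg --list-packets` text and reports, per secret (sub)key packet, whether it carries the "gnu-divert-to-card" stub marker and how many skey[] parameters are listed. The function name and the sample listing are assumptions; the second packet in the sample is constructed to show a non-stub key with extra parameters.

```python
import re

# Constructed sample in the shape of `gpg --list-packets` output: the first
# packet mirrors the stub shown above, the second is a made-up non-stub key.
SAMPLE = """\
:secret key packet:
    version 4, algo 1, created 1252600418, expires 0
    skey[0]: [1024 bits]
    skey[1]: [17 bits]
    gnu-divert-to-card S2K, algo: 0, simple checksum, hash: 0
    serial-number: d2 76 00 01 24 01 02 00 00 05 00 00 00 43 00 00
:user ID packet: "constructed <user@example.invalid>"
:secret sub key packet:
    version 4, algo 1, created 1252600418, expires 0
    skey[0]: [1024 bits]
    skey[1]: [17 bits]
    skey[2]: [1021 bits]
    skey[3]: [512 bits]
    skey[4]: [512 bits]
    skey[5]: [511 bits]
"""

def classify_secret_packets(listing):
    """Return one dict per secret (sub)key packet found in the listing."""
    results, current = [], None
    for line in listing.splitlines():
        text = line.strip()
        if text.startswith(":"):                  # a new packet begins
            current = None
            if re.match(r":secret (sub )?key packet:", text):
                current = {"subkey": "sub key" in text, "params": 0,
                           "stub": False, "card_serial": None}
                results.append(current)
        elif current is not None:
            if re.match(r"skey\[\d+\]:", text):   # one listed key parameter
                current["params"] += 1
            elif text.startswith("gnu-divert-to-card"):
                current["stub"] = True            # key operations go to the card
            elif text.startswith("serial-number:"):
                current["card_serial"] = "".join(text.split()[1:]).upper()
    return results

if __name__ == "__main__":
    for pkt in classify_secret_packets(SAMPLE):
        kind = "card stub" if pkt["stub"] else "secret material present"
        role = "subkey" if pkt["subkey"] else "primary"
        print(role, pkt["params"], kind, pkt["card_serial"] or "")
```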